Community discussions

 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

L2TP with MPPE 40bit RSA

Wed Jan 04, 2017 10:29 am

Hi,

The current documentation at http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP describes:
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
However, how I can select 40bit over 128bit using two RouterOS devices?

Please, don't say that 40bit it's a weak encryption, or recomened IPSec as MPPe 128bit is also insecure. That I need is a simple "ofuscation" with a very low CPU overhead. So, a 40bit encryption is a good alternative. Also, no encryption in L2TP plus IPSec is not a solution for me... I really need to use ONLY L2TP, but with 40bit and not 128bit encryption.

Someone knows how to stablish a L2TP connection (PPP in general) between two RouterOS devices using MPPE 40bit?
Please, help me!
Thank you.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: L2TP with MPPE 40bit RSA

Wed Jan 04, 2017 12:54 pm

MPPE 40bit RC4 support was removed long time ago.
 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: L2TP with MPPE 40bit RSA

Sun Jan 15, 2017 8:21 pm

MPPE 40bit RC4 support was removed long time ago.
Hi,

An why?
As I say we need to use L2TP with a light encryption (equal near to 'ofuscation' with a very low CPU overhard). So, no encryption is not a solution for us. Please, can you provide one alternative? I request to reactivate MPPE 40bit.

Regards.
 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: L2TP with MPPE 40bit RSA

Mon Jan 16, 2017 10:49 am

Hi,

Today I see this in my LOGs:
jan/05/2017 08:46:39 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/05/2017 10:10:01 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/05/2017 10:56:21 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/05/2017 11:21:17 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/07/2017 19:05:01 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/13/2017 12:56:47 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/13/2017 20:38:43 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/14/2017 09:49:43 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
Please, help me to: 1) Enforce the encryption... as isn't acceptable that a encrypted tunnel changes to clear tunnel!!! 2) Enable MPPE 40bit, as my concentrator (L2TP server) seems to don't have sufficient CPU performance.

Also, I think that added problem is the unreliable link over I'm running the tunnel: a wireless link with some noise. Then some packets are lost (around 1%). So, we need to have a reliable L2TP tunnel. I suggest to "reset" the PPP tunnel when the encryption goes out of sync, instead of failback to no encryption.

Please, help us to improve the RouterOS.
 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: L2TP with MPPE 40bit RSA

Mon Jan 16, 2017 11:22 am

The current documentation at http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP describes:
MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.
MPPE 40bit RC4 support was removed long time ago.
Hi,

Now I see that the documentation page is updated: the 40bit RC4 support is removed.
OK. Also, I check that in MPPE the RC4 algorithm is ARCFOUR, then MPPE 40bit is ARCFOUR-40 (deprecated) and MPPE 128bit is ARCFOUR or ARCFOUR-128 (I feel is the first).

Then, as ARCFOUR is the less CPU intensive encryption algorithm used in RouterOS, we can leave without MPPE 40bit. So, don't worry for use MPPE 128bit stateless as an "ofuscator" (not a true encryption).

However, I need a solution for the problem to switch to non-encryption when several sync errors appears. Can you help me to overcome this problem?
Thank you!
 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: L2TP with MPPE 40bit RSA

Tue Feb 07, 2017 1:06 pm

However, I need a solution for the problem to switch to non-encryption when several sync errors appears. Can you help me to overcome this problem?
Hi,

Problem solved forcing (="required") encryption in the ppp profile (instead of "yes").

I comment here only for reference.

Who is online

Users browsing this forum: No registered users and 94 guests