Certificate authentication L2TP over IPsec


#1

Feature specifics - what is/are needed:

Support certificate based authentication in addition to the existing pre-shared key authentication for L2TP over IPsec remote user access VPN for security reason and for better user policy management.
Support assigning an IP address from a VLAN other than the untagged VLAN to L2TP over IPsec users.
Support reserving an IP address from a VLAN other than the untagged VLAN to L2TP over IPsec users.

Products that the feature to be developed on:
all Peplink products that support L2TP over IPsec.

Deployment specifics

Deployment: a Peplink Balance deployed at the headquarter connected to 40x remote tanker ships each equipped with a MAX BR1 IP55 by PepVPN. Remote users need to be able to connect to the Peplink Balance at the headquarter by L2TP over IPsec to access resources at the headquarter and on the tankers ships.
Application: Certificate based authentication would enhance security in a world where enterprise security breach is on the news everyday incurring massive financial and marketing demage. Assigning and reserving an IP address from a VLAN other than the untagged VLAN would allow for better user access management and enhance security.


#2

I think the “Connect to Network” option in Remote User Access configuration page is what you’re looking for? Screenshot below:

This is currently available in firmware 7.0.0 RC, and will soon be released as GA. If you want to get a preview, you can go to the following page:

For certificate based authentication, we agree this will be useful for enterprise environment and this is now in our road map, however there are still many other exciting new features on the way as well so this may not arrive in a short period of time. Any other users think this is a must have feature on Peplink? More like received on this post will absolutely raise the priority of this feature request.