I would like to submit a request to add OpenVPN as one of the VPN options to the Peplink line. The current option for direct end user connectivity to the Peplink network is over PPTP and that has been proven to be quite insecure:
PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft.
Just wanted to throw it out there that the SOHO should get this feature, too! Would love to be able to connect my SOHO to a VPN service as a client, so that all connections to the SOHO are going through the VPN. Having the SOHO act as a VPN server would be great, too!
Hoping the new L2TP/IPsec feature will have the following:
Add firewall rules based on these accounts/groups. For instance, internal users have access to the following IPs/network/etc whereas VendorA has access to vlanA, Vendor B has access to vlanB, etc.
Possibly define specific IP(s) for specific accounts/groups.
Groups/Roles - define a policy for the group/role then apply for multiple accounts.
Easy mobile / workstation deployment of the configuration file for connection (minus the credentials of course).
Currently a limitation is listed that multiple users behind the same public IP may have problems connecting over L2TP concurrently. I have seen this before on other L2TP setups as well, so I am wondering if it can be resolved? Assuming no, I also +1 the request for OpenVPN as a solution that could be two-factor, scalable (multiple users behind the same IP, no problem), firewall friendly as the server could be set up, for example, to listen on TCP 443 and certainly admin configurable, and with clients available on all major platforms.
Please ensure the Captive portal allows for the ability to have a user log into the portal via a radius server.
Once login is verified, have a utility that will create a VPN connection over port 80 between the end user and a specific network or network set.
The limitation of L2TP/IPsec with multiple users behind the same public IP should only affect Windows devices, from our tests. If you’re using Android / iPhone / iPad / MacBook, L2TP/IPsec will work well for multiple users behind the same public IP. We are fully aware of this problem and are currently working on a solution for it. It doesn’t have a confirmed time frame yet, but this will finally be resolved.
I am another +1 for the OpenVPN option, please, having read the following on IVPN’s website:
“IPSec has no known major vulnerabilities and is generally considered secure when used with a secure encryption algorithm such as AES. However, leaked NSA presentations indicate that IKE is being exploited in an unknown manner to decrypt IPSec traffic.”