OpenVPN End User Termination


#1

I would like to submit a request to add OpenVPN as one of the VPN options to the Peplink line. The current option for direct end user connectivity to the Peplink network is over PPTP and that has been proven to be quite insecure:

PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft.

http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html

http://www.h-online.com/security/news/item/Microsoft-says-don-t-use-PPTP-and-MS-CHAP-1672257.html

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/


#2

+1 for this


#3

Will be ideal to support L2TP/IPsec

I have a chromebook I can’t connect using PPTP cause in no supported .


#4

Rodrigo,

Currently PPTP and IPSeC are supported on all of our balance routers


#5

+1 for L2TP VPN Server instead of PPTP.


#6

PPTP is not secure at all. Its outdated.


#7

We recommend customers to use PepVPN, SpeedFusion VPN, or IPsec for all situations where absolute security is required.

PPTP is widely known to have security concerns in the protocol level and should only be used as a convenient VPN option for non-sensitive traffic.

OpenVPN is not considered at this time.


#8

+1 for secure and easy client VPN that’s accessible on iPhone, Android, Mac, Windows, and Linux, ideally SSL based.


#9

We are working on the industrial standard L2TP/IPSec as a real, secure alternative to PPTP.

It is scheduled for 6.3 which is expected in Q1 of the new year.


#10

Thanks!

Just wanted to throw it out there that the SOHO should get this feature, too! Would love to be able to connect my SOHO to a VPN service as a client, so that all connections to the SOHO are going through the VPN. Having the SOHO act as a VPN server would be great, too!


#11

Great news. Thanks!


#12

Great news. Thanks!


#13

I want to give everyone an update because this feature is so hot! :slight_smile: I’m playing with L2TP/IPsec VPN with my iPhone.



It’s coming in 6.2.1 which goes RC testing by end of this month. Stay tuned!


#14

Hoping the new L2TP/IPsec feature will have the following:

  1. Add firewall rules based on these accounts/groups. For instance, internal users have access to the following IPs/network/etc whereas VendorA has access to vlanA, Vendor B has access to vlanB, etc.

  2. Possibly define specific ip(s) for specific accounts/groups.

  3. Groups/Roles - define a policy for the group/role then apply for multiple accounts.

  4. Easy mobile / workstation deployment of the configuration file for connection (minus the credentials of course).


#15

Currently a limitation listed that multiple users behind same public IP may have problems connecting over L2TP concurrently. I have seen this before on others L2TP as well so I am wondering if it can be resolved? Assuming no, I also +1 the request for OpenVPN as a solution that could be two factor, scalable (multiple users behind same ip no problem), firewall friendly as server could be setup for example to listen on TCP 443 and certainly admin configurable, and clients available on all major platforms.


#16

Please ensure the Captive portal allows for the ability to have a user log into the portal via a radius server.
Once login is verified, have a utility that will create a vpn connection over port 80 between the end user and a specific network or network set.


#17

The limitation of L2TP/IPsec that multiple users behind same public IP should only affect Windows devices from our tests, if you’re using Android / iPhone / iPad / MacBook, L2TP/IPsec will work well for multiple users behind the same public IP. We are fully aware of this problem and currently working on a solution for it, doesn’t have a confirmed time frame yet, but this will finally be resolved.


#18

That is awesome news, but just to prove no good deed goes unpunished…

It’s now August 2015. In late 2014, you expected 6.3 to land in Q1 of what I presume was 2015.

I don’t know if you meant calendar year or fiscal year, but in any case it would be nice to have a status update on this.


#19

Hi

I am another +1 for the OpenVPN option, please, having read the following on IVPN’s website:

https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

“IPSec has no known major vulnerabilities and is generally considered secure when used with a secure encryption algorithm such as AES. However Leaked NSA presentations indicate that IKE is being exploited in an unknown manner to decrypt IPSec traffic.

The leaked documents can be found here:

I believe that only OpenVPN is truly secure, and thank you for considering this request.

Edward


#20

If anyone is interested in this iOS / Android VPN config thread - here is the config info:
http://www.peplink.com/knowledgebase/setting-up-l2tp-with-ipsec/
I’ll be testing it soon and will revert with my findings
Rory