0 votes
236 views 7 comments
by
Hello,

I would like to configure L2TP with IPSec on RUT240 as server and Windows 10 as client.

I followed this manual:

https://wiki.teltonika-networks.com/view/RUT240_L2TP_over_IPsec_(Windows_10)

It is working, but there is a huge security loophole. When you select L2TP with certificate or auto on Windows 10, the RUT240 allows a connection with just a username and password.

Furthermore, if the connection type is then changed to L2TP/IPSec with pre-shared key, the RUT240 allows a connection with an empty pre-shared key.

Why does this happen, and how can I prevent it? It's insecure this way.

My firmware is RUT2XX_R_00.01.14

1 Answer

0 votes
by
Hello,

I have tried replicating this issue on my side. After removing the pre-shared key, the VPN does not get established without it. I am using Windows 10 Pro version 20H2.

Could you give us more details about the issue you are having?

Regards,
Mellow
by

I've got Windows 10 Pro 2004.

Did you try L2TP with certificate? It also shouldn't work, but it does for me.

Only after a successful connection using L2TP with certificate does it later allow connecting with an empty pre-shared key. It has to be correct or empty. You can't connect with a wrong one.

by
Hello,

If the connection is already established and you edit some config, it will not be implemented until you restart the connection. That is why you are able to change the configuration without reauthentication: the VPN tunnel is already established. So the best scenario to test this kind of authentication method is when you disconnect, then edit the configuration, and try connecting again.

The Windows PC will not initiate a new authentication request once the service is restarted.

Let me know the results.

Regards,
Mellow
by
It goes like this

1. Connection established using L2TP with certificate. Just a username and password are required. Why? I would like to disallow this.

2. Disconnect

3. Change the VPN configuration to L2TP with IPSec and an empty pre-shared key.

4. Connect. It works without a key. I would like to prevent it.
by

Hi, 

Tested it on my side and everything is perfectly working fine. 

Here are some configurations and screenshots:

1. Configuration without pre-shared key

Results:

2. Configuration via Certificate

Results:


3. Configuration with pre-shared key

Results:

I am not able to replicate this issue of yours. My suggestion is to try re-flashing the firmware of your RUT240 without keeping your settings. Then reconfigure L2TP and IPSec again. If you still have the same issue, try updating your Windows OS.

Let me know the results.

Regards,
Mellow

by

Re-flashing didn't help. Here are my RUT240 settings.

Even if something is messed up with my Windows settings, the router shouldn't allow connections. I can't force VPN users to have a specific Windows version or updates installed.

I have changed the pre-shared key to see if it isn't somehow remembered by Windows even for the certificate connection, but no. The connection is established even if I never entered the correct (new) pre-shared key into my system.

by
Hi,

Kindly send me a copy of the troubleshoot file after you have tried connecting from your Windows PC without any pre-shared key, so that I can investigate further.

Regards,
Mellow
by

Sorry for the delay. I sent you a PM with the troubleshoot file. I checked two additional PCs (one with Windows 10 20H2).

It's the same thing: L2TP with certificate completely ignores the pre-shared key and connects with just a username and password.