georgebell
Message 21 of 42

Re: L2TP/IPSec VPN Issue With Hub3.0

You are not kidding.  "Pathetic" is being rather polite.  Server 2016 **bleep**es about this inferior communication protocol, and quite rightly so.

hooper35
Message 22 of 42

George,

I don't understand your Server 2016 comment. Please could you expand on that point.

Charles

georgebell
Message 23 of 42

Charles,

I think the warning below from Best Practices Analyzer (BPA) says it all.  This only appeared when we had to make provision for Virgin's Superhub 3. Rightly or wrongly, I refuse to ignore security warnings.

Many may say, "But it's just a warning!".  My response is usually to ask if they also ignore a low fuel warning when in the outside lane of the M1 during the rush hour with the whole family in the car?

Title:
RRAS: Use authentication protocols that are considered more secure than PAP, CHAP, or MS-CHAPv2

Severity
Warning

Date:
18/08/2017 16:11:47

Category:
Configuration

Problem:
The RRAS server is configured to accept remote access connections that are not authenticated, or that are authenticated with an authentication protocol that is no longer considered secure.

Impact:
PAP and CHAP are no longer considered secure for protecting sensitive data. MS-CHAP v2 is better than PAP or CHAP, but we recommend EAP or computer certificates.

Resolution
Use 'Routing and Remote Access' in Server Manager to select a secure authentication method on the Routing and Remote Access Properties page.

http://go.microsoft.com/fwlink/?linkid=153287

 

Superuser
Message 24 of 42

georgebell wrote:

Hi Jen,

I'd happily send you a PM, but the link in your message appears to go nowhere.

I'm obviously more than reluctant to give out the information you require on the list.

George


Try (if you're lazy): http://community.virginmedia.com/t5/notes/privatenotespage/tab/compose/note-to-user-id/143919

Try (if you're paranoid) clicking on Jen's Avatar then click on her "Send me a message"........

(Jen may still be on sick leave but defo one & more of the  @ForumTeam  is/are covering her PM's!!!! )

Regards Tony
"Life is a Binary Inspired Turing Computed Hologram"(don't PM or @Mention me - in case ignoring you offends)

hooper35
Message 25 of 42

OK.

And therefore you are, in fact, saying that VM is right to block L2TP as it is less secure or am I missing something?

Charles

georgebell
Message 26 of 42

NO!  Quite the opposite.  In order to allow me to access our 2016 server from home with the Superhub 3, I have to enable a LESS secure protocol on the Server.

hooper35
Message 27 of 42

Ah, so you are saying that you would prefer to use L2TP and MSCHAPv2, but can't, so have to use PAP or CHAP?

Does that mean you are successfully using L2TP with PAP or CHAP through the superhub or are you using something else altogether? If it is L2TP, doesn't that mean the superhub lets through L2TP with PAP or CHAP, but not with MSCHAPv2?

Charles

georgebell
Message 28 of 42

Charles,

Perhaps you have misread or misunderstood the Server's warning which I quoted earlier?  It says:

"Use authentication protocols that are considered more secure than PAP, CHAP, or MS-CHAPv2"

L2TP/IPsec is considered a more secure protocol, but the Superhub 3 does not support it as it stands.

If you look back through this thread, you will see that while there is a workaround, it means spending money on additional equipment. You will also see at least one list member who would have to fork out a small fortune to have his external users with Virgin access his Servers.

George

Forum Team
Message 29 of 42

Hello George and everyone

I just wanted you to know this has been passed to our firmware team who are currently investigating. We have passed on a link to this thread. I appreciate that you have kindly already posted information to help diagnose the problem, but anything else you can all think of to help (setups, protocols, etc.) will be most welcome.

Thank you

Nicola

Virgin Media Forum Team

georgebell
Message 30 of 42

That's good news.  Thank you for updating us all.
