L2TP/IPSec Cipher Suites support?

sriram
Posts: 3
Joined: Mon Sep 24, 2018 5:39 pm

L2TP/IPSec Cipher Suites support?

Post by sriram » Mon Sep 24, 2018 5:49 pm

Hi,

I'm running the newest version of SoftEther (Ver 4.28, Build 9669) on Windows 10 Pro.

The SoftEther specification states that AES is supported under L2TP/IPSec; however, the server only advertises 3DES support. For example, in the SoftEther VPN Server Manager window, in the Encryption and Network menu, I have the encryption algorithm set to AES256-SHA256. Yet, when the server is queried with ike-scan, it only advertises support for 3DES:

SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration=28800)

Can someone tell me what encryption algorithms, key sizes and hash functions are supported by SoftEther's L2TP/IPSec function? Also, is there a way to specify which DH group is to be used?

Thanks!

Edit: AES with SHA-1 does not work either.
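
Added example, not part of the original post and not SoftEther or ike-scan code: a small parser that reads an ike-scan `SA=(...)` line like the one quoted above and reports which parts of the negotiated transform fall below a policy. The policy sets (`WEAK_ENC`, `WEAK_HASH`, `MIN_MODP_BITS`), the function names, and the second sample line are assumptions made for this sketch.

```python
import re

# Example policy: thresholds chosen for this sketch, not taken from SoftEther or ike-scan.
WEAK_ENC = {"DES", "3DES"}
WEAK_HASH = {"MD5", "SHA1"}
MIN_MODP_BITS = 2048

def parse_sa(line):
    """Return the attributes of the SA=(...) group in one ike-scan output line."""
    start = line.find("SA=(")
    if start < 0:
        return None
    begin, depth = start + 4, 1
    for pos in range(begin, len(line)):
        # Track nesting: a key may itself contain parentheses, as in the
        # constructed LifeDuration(4) sample below.
        if line[pos] == "(":
            depth += 1
        elif line[pos] == ")":
            depth -= 1
            if depth == 0:
                tokens = line[begin:pos].split()
                return dict(t.split("=", 1) for t in tokens if "=" in t)
    return None  # unbalanced parentheses: treat the line as unparseable

def audit_sa(attrs):
    """List the parts of a negotiated transform that fall below the example policy."""
    findings = []
    if attrs.get("Enc", "").upper() in WEAK_ENC:
        findings.append("weak cipher: " + attrs["Enc"])
    if attrs.get("Hash", "").upper() in WEAK_HASH:
        findings.append("weak hash: " + attrs["Hash"])
    modp = re.search(r"modp(\d+)", attrs.get("Group", ""))
    if modp and int(modp.group(1)) < MIN_MODP_BITS:
        findings.append("small DH group: " + attrs["Group"])
    return findings

# The first line is the transform quoted in the post; the second is constructed for contrast.
SAMPLES = [
    "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration=28800)",
    "192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=0123456789abcdef) "
    "SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Auth=PSK Group=14:modp2048 "
    "LifeType=Seconds LifeDuration(4)=0x00007080)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        attrs = parse_sa(sample)
        print(attrs.get("Enc"), audit_sa(attrs) or "meets example policy")
```
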

sriram
Posts: 3
Joined: Mon Sep 24, 2018 5:39 pm

Re: L2TP/IPSec Cipher Suites support?

Post by sriram » Wed Sep 26, 2018 8:34 pm

Just a bump to see if anyone knows what cipher suites the IPsec implementation in SoftEther supports and how to force a non-3DES encryption. Thanks!

opienof
Posts: 2
Joined: Sat Oct 06, 2018 6:23 am

Re: L2TP/IPSec Cipher Suites support?

Post by opienof » Sat Oct 06, 2018 6:32 am

You can specify Phase1/Phase2 algorithms on client side, something like this
[attached screenshot]

sriram
Posts: 3
Joined: Mon Sep 24, 2018 5:39 pm

Re: L2TP/IPSec Cipher Suites support?

Post by sriram » Sat Oct 06, 2018 3:03 pm

I've tried doing that on my Ubuntu box but the VPN will not connect for any cipher suite other than 3DES-SHA1.

opienof
Posts: 2
Joined: Sat Oct 06, 2018 6:23 am

Re: L2TP/IPSec Cipher Suites support?

Post by opienof » Sun Oct 14, 2018 1:58 pm

I use NetworkManager-l2tp-gnome in conjunction with NetworkManager-libreswan, which is missing in Ubuntu but available on Fedora.
