Business Community > Routers > ER605 Weak VPN algos
< Routers

ER605 Weak VPN algos

ER605 Weak VPN algos

ER605 Weak VPN algos
ER605 Weak VPN algos
2024-04-18 06:36:33 - last edited 2024-04-18 09:33:11
Tags: #VPN #Gateway ACL
Model: ER7206 (TL-ER7206)   ER605 (TL-R605)   ER707-M2  
Hardware Version: V2
Firmware Version: 2.2.4 20240119 44368

I have noticed on the ER605/ER7206/ER707-M2 that when you enable L2TP it auto creates a IPsec tunnel. Sadly it defaults to the SHA1 algorithms I have also noticed it does this by default for OPEN VPN as well when it create the config file.

 

Seems kinda silly to force you into using SHA1 any plans to allow us to configure the IPsec section of L2TP? I am trying to setup a proxy gateway but https://www.tp-link.com/us/support/faq/3842/ but cannot use the weak SHA1.


Its a shame we cannot setup routing polices with IPsec.

Anyway we can set this up with us IPsec  https://www.tp-link.com/us/support/faq/3842/ or another method. I do not want theses devices to communicate with the internet unless they route via the VPN server gateway.

Maybe any tips to force this to route via VPN server gateway and a ACL method to block traffic leaving the local gateway on the satellite location?
 

  0      
 
  0      
 
#1
Options
5 Reply
Re:ER605 Weak VPN algos
2024-04-18 06:45:29

   

  0  
  0  
#3
Options
Re:ER605 Weak VPN algos
2024-04-18 17:56:43

I am currently Looking into a way to change this in the backend using the CLI.

Any help from TP link would be great

  0  
  0  
#4
Options
Re:ER605 Weak VPN algos
2024-04-19 02:19:48

Hi @SHA2
SHA2 is not supported. No plans for this so far. This is the first time we have had such feedback. Team will evaluate this. Thanks for the feedback. No ETA will be provided at this moment.

 

Second question, no.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
  0  
  0  
#5
Options
Re:ER605 Weak VPN algos
2024-04-20 01:01:09

  @Clive_A But you do support this. We can fully configure and setup SHA2 on IPsec. 

 

But for some reason you dont let us confiure it in L2TP

  0  
  0  
#6
Options
Re:ER605 Weak VPN algos
2024-04-22 01:19:34

Hi @SHA2 

Thanks for posting in our business forum.

SHA2 wrote

  @Clive_A But you do support this. We can fully configure and setup SHA2 on IPsec. 

 

But for some reason you dont let us confiure it in L2TP

The whole topic and main subject is L2TP. Don't divert this topic into something different, please.

That's what you posed in the OP and you wrote: "Seems kinda silly to force you into using SHA1 any plans to allow us to configure the IPsec section of L2TP? I am trying to setup a proxy gateway but https://www.tp-link.com/us/support/faq/3842/ but cannot use the weak SHA1. "

 

Because it does not support it in L2TP from the code level. It is not added/supported. That's what I am trying to describe. I am aware that the IPsec supports SHA2 now.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
  1  
  1  
#7
Options

Information

Helpful: 0

Views: 253

Replies: 5

Tags

VPN Gateway ACL
Related Articles
ER605 does not retry VPN connection
1089 0
ER605 LT2P VPN is not routing through VPN
827 0
VPN IPSEC IKEv2 on er605 v2
1381 0
ER605 VPN client
1161 0
ER605 - Updated Firmware, VPN Failure
731 0
ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200
452 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.