ER605 Weak VPN algos

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-04-18 06:36:33 - last edited 2024-04-18 09:33:11
Hardware Version: V2
Firmware Version: 2.2.4 20240119 44368

I have noticed on the ER605/ER7206/ER707-M2 that when you enable L2TP it auto-creates an IPsec tunnel. Sadly it defaults to the SHA1 algorithms. I have also noticed it does this by default for OpenVPN as well when it creates the config file.

Seems kinda silly to force you into using SHA1. Any plans to allow us to configure the IPsec section of L2TP? I am trying to set up a proxy gateway (https://www.tp-link.com/us/support/faq/3842/) but cannot use the weak SHA1.

It's a shame we cannot set up routing policies with IPsec.

Any way we can set this up with IPsec (https://www.tp-link.com/us/support/faq/3842/) or another method? I do not want these devices to communicate with the internet unless they route via the VPN server gateway.

Maybe any tips to force this to route via the VPN server gateway, and an ACL method to block traffic leaving the local gateway on the satellite location?
 

#1
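A check for the OpenVPN half of the report above, as an added example that is not part of the original post and not TP-Link code: it reads an exported client profile and reports which HMAC digest the profile selects. The sample profile is constructed (not an actual ER605 export); treating a missing `auth` line as SHA1 follows OpenVPN's documented default.

```python
# Added example: audit an OpenVPN client profile for a weak HMAC digest.
WEAK_DIGESTS = {"SHA1", "SHA-1", "MD5", "NONE"}
AEAD_CIPHERS = ("-GCM", "CHACHA20-POLY1305")

# Constructed sample profile (not an actual ER605 export).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
cipher AES-128-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

def parse_profile(text):
    """Map each option name to its arguments, skipping comments and inline <ca>-style blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def audit(text):
    """Report the HMAC digest a profile selects and whether it is weak."""
    opts = parse_profile(text)
    explicit = bool(opts.get("auth"))
    digest = opts["auth"][0].upper() if explicit else "SHA1"  # OpenVPN default
    ciphers = opts.get("data-ciphers") or opts.get("cipher") or []
    ciphers = [c.upper() for c in ":".join(ciphers).split(":") if c]
    return {
        "digest": digest,
        "source": "explicit" if explicit else "default",
        "weak_digest": digest in WEAK_DIGESTS,
        # With an AEAD cipher, 'auth' no longer protects data packets,
        # only the tls-auth control-channel HMAC.
        "aead_data_channel": bool(ciphers) and all(c.endswith(AEAD_CIPHERS) for c in ciphers),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE))
```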
Re:ER605 Weak VPN algos
2024-04-18 06:45:29

   

#3
Re:ER605 Weak VPN algos
2024-04-18 17:56:43

I am currently looking into a way to change this in the backend using the CLI.

Any help from TP-Link would be great.

#4
Re:ER605 Weak VPN algos
2024-04-19 02:19:48

Hi @SHA2
SHA2 is not supported. No plans for this so far. This is the first time we have had such feedback. Team will evaluate this. Thanks for the feedback. No ETA will be provided at this moment.

 

Second question, no.

Best Regards!
#5
Re:ER605 Weak VPN algos
2024-04-20 01:01:09

@Clive_A But you do support this. We can fully configure and set up SHA2 on IPsec.

But for some reason you don't let us configure it in L2TP.

#6
Re:ER605 Weak VPN algos
2024-04-22 01:19:34

Hi @SHA2 

Thanks for posting in our business forum.

SHA2 wrote

@Clive_A But you do support this. We can fully configure and set up SHA2 on IPsec.

But for some reason you don't let us configure it in L2TP.

The whole topic and main subject is L2TP. Don't divert this topic into something different, please.

That's what you posted in the OP and you wrote: "Seems kinda silly to force you into using SHA1. Any plans to allow us to configure the IPsec section of L2TP? I am trying to set up a proxy gateway (https://www.tp-link.com/us/support/faq/3842/) but cannot use the weak SHA1."

 

Because it does not support it in L2TP from the code level. It is not added/supported. That's what I am trying to describe. I am aware that the IPsec supports SHA2 now.

#7