The ranting of an IT Professional » PAP http://itknowledgeexchange.techtarget.com/it-rant Mon, 19 Sep 2011 18:30:04 +0000 en-US hourly 1 Using PAP in OSX L2TP VPN connections http://itknowledgeexchange.techtarget.com/it-rant/using-pap-in-osx-l2tp-vpn-connections/ http://itknowledgeexchange.techtarget.com/it-rant/using-pap-in-osx-l2tp-vpn-connections/#comments Fri, 25 Feb 2011 22:25:35 +0000 Jason Tramer http://itknowledgeexchange.techtarget.com/it-rant/using-pap-in-osx-l2tp-vpn-connections/ I know some people go absolutely head over heels in love with Mac’s but personally I don’t see the appeal. They are a complete pain IMO to configure the simplest options.

For example, when you are setting up a L2TP VPN connection do you think it might be helpful to set the authentication protocol as something other than MSCHAP v2? Maybe you want to us PAP? Well you can’t, not in the screen any ways. Here is the convoluted MAC way of doing it.

Create the /etc/ppp/options file with the following contents:

refuse-chap

refuse-mschap

refuse-mschap-v2

Wow, that is just great.

]]> http://itknowledgeexchange.techtarget.com/it-rant/using-pap-in-osx-l2tp-vpn-connections/feed/ 0 Cisco ASA L2TP issues with LDAP authentication http://itknowledgeexchange.techtarget.com/it-rant/cisco-asa-l2tp-issues-with-ldap-authentication/ http://itknowledgeexchange.techtarget.com/it-rant/cisco-asa-l2tp-issues-with-ldap-authentication/#comments Thu, 26 Nov 2009 22:40:55 +0000 Jason Tramer http://itknowledgeexchange.techtarget.com/it-rant/cisco-asa-l2tp-issues-with-ldap-authentication/ So I configured my ASA to provide L2TP remote access VPN. I originally set it up with a local user database and it worked fine. After I decided to tie it in to LDAP so I could authenticate against Active Directory. I set up my LDAp integration and used the built-in test tool to make sure it worked, and it did. However every time I tried to log in with a AD account I got authentication failures. So I eventually gave up and placed a call with Cisco TAC and do you know what I found out? If you want to use LDAP authentication with L2TP RA vpn you have to use PAP because LDAP authentication isn’t supported with CHAP. The practical effect of this is that when your ASA sends the passwords to your DC it is in clear text.

Cisco kind of has you over the barrel when it comes to RA vpn. You could go with SSL vpn but the licences are hideously expensive. You could do IPSec vpn but they don’t have a 64 bit client nor are they planning on making one from what I heard. You could do L2TP but if you want LDAP integration you have to send passwords in clear text unless you set up LDAP over SSL. Not to mention that the ASA’s no longer even support PPTP.

It is more then a little annoying I have to say.

]]> http://itknowledgeexchange.techtarget.com/it-rant/cisco-asa-l2tp-issues-with-ldap-authentication/feed/ 1