jo2jo
Forum Veteran
Topic Author
Posts: 970
Joined: Fri May 26, 2006 1:25 am

mt to mt l2tp tunnels encrypted or not?

Wed Sep 10, 2014 4:19 am

I constantly read to use IPsec across your L2TP tunnels for true encryption (which I've slowly been adding to each of my many L2TP links), and that data flowing across an L2TP tunnel is NOT encrypted.

However, I do not understand this line from the MT manual:

L2TP is a secure tunnel protocol for transporting IP traffic using PPP. L2TP encapsulates PPP in virtual lines that run over IP, Frame Relay and other protocols. L2TP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links.

My question is: I have several MT to MT devices connecting private networks across L2TP tunnels (said L2TP tunnels go across the internet, of course). IS the traffic flowing across these L2TP tunnels encrypted if, for example, someone were to sniff those L2TP tunnels as they cross the internet? The encoding on my MT to MT L2TP tunnels shows up as MPPE128 stateless (Microsoft Point to Point Encryption), so that to me says it's encrypted... right or wrong?

[admin@xxx] /ppp active> pr
Flags: R - radius
# NAME SERVICE CALLER-ID ADDRESS UPTIME ENCODING
0 clxxx l2tp 174.6x.xxx.xx 192.168.4.117 6d8h2... MPPE128 stateless
1 prxxxx l2tp 64.3x.xxx.xx 192.168.4.156 6d8h2... MPPE128 stateless
2 raxxx l2tp 174.7x.xxx.xxx 192.168.4.124 6d8h2m8s MPPE128 stateless
.......

Thanks!
:beep :beep :beep
 
jo2jo
Forum Veteran
Topic Author
Posts: 970
Joined: Fri May 26, 2006 1:25 am

Re: mt to mt l2tp tunnels encrypted or not?

Wed Sep 10, 2014 4:21 pm

To add some additional information, I did a /tool packet sniff on my public Internet interface of the packets of an MT to MT L2TP VPN tunnel connection with MPPE 128 shown as the "encoding", and then analyzed the .cap with Wireshark. In Wireshark I applied "decode as L2TP" to the entire L2TP handshake, and across the L2TP tunnel I did a telnet session to the client MikroTik (just something unencrypted to look for in the packet sniff), and I could not find the telnet contents anywhere in the packets' data. Even with "decoding as L2TP" in Wireshark, I could see the L2TP handshake between the two MikroTiks properly, followed by several packets that showed up as PPP compressed (obviously the data of my telnet session), but this was all garbled text. I'm assuming the PPP compressed packets are either the MPPE128 (encryption) or just regular PPP compression (not encryption, just compression); however, from what I looked up online, Wireshark should be able to decode regular unencrypted PPP compression, as I applied the PPP compression "decode as" filter in Wireshark as well and still got garbled text. Or it's possible I'm doing something wrong in Wireshark, or Wireshark might not be decoding this properly.

I've searched Google for several days trying to find an answer to this, but the only thing that comes up for MPPE 128 encryption is when it is used in a PPTP VPN tunnel.

Maybe someone from MikroTik can chime in? Does RouterOS in some special way apply MPPE 128 encryption to L2TP tunnels in a special proprietary way?

Thanks
:beep :beep :beep
