ER605 help me please to setup a more secure L2TP/IPSEC tunnel

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 help me please to setup a more secure L2TP/IPSEC tunnel

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 help me please to setup a more secure L2TP/IPSEC tunnel
ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2023-10-17 22:37:21 - last edited 2023-10-18 08:13:01
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

Hi All !

 

I'm using two ER605 to setup a S2S (LAN to LAN)  VPN between my Home and my Weekend House. 

(I have no OC200 or OC300 controller which is used in most of the Youtube videos)

 

The weekend house is the L2TP Client setup as Ipsec Encrypted and Home is he L2TP server.

 

It's a simple setup I've just setup the L2TP server and client, chosen Encrypted and it's working nicely.

However I can see that this default encryption method is only SHA-1 AES-128. 

 

What would be the right steps to setup a more strongly encrpypted Ipsec in the tunnel ?

I'd expected to setup an Ipsec Policy and then choose it to be used at the L2TP but either I don't understand the logic or I' doing something wrong, but it's not clear. 

 

Any help is appreciated, thanks in advance. 

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel-Solution
2023-10-18 02:30:06 - last edited 2023-10-18 08:13:01

  @MonsterVic 

 

Sorry but as I know you won't be able to choose the encryption method if you choose L2TP over IPsec, if you wanna use some other encryption, just use IPsec then.

"SY" is a 22-year old boy presenting to the tp-link community with brain empty. Take care of yourself, and be well. Loycechan030
Recommended Solution
  0  
  0  
#2
Options
6 Reply
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel-Solution
2023-10-18 02:30:06 - last edited 2023-10-18 08:13:01

  @MonsterVic 

 

Sorry but as I know you won't be able to choose the encryption method if you choose L2TP over IPsec, if you wanna use some other encryption, just use IPsec then.

"SY" is a 22-year old boy presenting to the tp-link community with brain empty. Take care of yourself, and be well. Loycechan030
Recommended Solution
  0  
  0  
#2
Options
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2023-10-18 07:15:01

  @Loycelover- 

 

I see, thank you for your reply.

  0  
  0  
#3
Options
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2024-04-18 18:44:43 - last edited 2024-04-18 18:45:39

Is there no wait to change this in the CLI? IDK why TP link cannot allow us to manully config the IPSec tunnel 

https://www.tp-link.com/us/support/faq/3842/

If we want to use the VPN server as a proxy gateway we stuck using ikev1 and sha1? why does this auto config to such a weak algo?

  0  
  0  
#4
Options
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2024-04-18 18:46:48

  @SHA2 

 

Changed to Wireguard :) Problem solved.

  0  
  0  
#5
Options
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2024-04-18 21:31:36

  @MonsterVic What speeds do you get?

  0  
  0  
#6
Options
Re:ER605 help me please to setup a more secure L2TP/IPSEC tunnel
2024-04-18 21:56:34

  @SHA2 

 

I don't have exact measures availiable for yoo right now, but it's enough to constanlty transfer 2x4k camera video, plus opposite direction to watch 1080p Movies remote...as far as I rememeber when I did the measures it has hit the 100Mbit rate. (Line is 1 Gbit). So it was good enough for my needs, and definitely faster and more secure than the oldschool VPN formats.   

  1  
  1  
#7
Options