Flex 200 - L2TP Pre-shared Key

mm_bret  Posts: 62  Ally Member

I want to be sure I understand how the router isolates pre-shared keys.

It is my understanding that each defined gateway can have its own unique key.

So an IPsec site-to-site gateway can have its unique key and my L2TP gateway can have its own unique key.

Currently I cannot create an L2TP VPN unless the pre-shared key is the same as the defined IPsec site-to-site key.

Feels like a bug. I would expect each tunnel to operate separately with its own unique key.

All Replies

  • PeterUK  Posts: 2,917  Guru Member

    From what I understand, the pre-shared key check happens after encryption has been set up to relay the key, at which point it fails to match. However, as found out, if the connecting side needs encryption or authentication at a given level, say:

    Phase 1: Encryption AES256, Authentication SHA256, Preshared Key 1

    Then another:

    Phase 1: Encryption AES256, Authentication SHA1, Preshared Key 2

    Then you can have two site-to-site,

    or use peer ID type IPv4,

    or vote for this for the DNS FQDN way:

    https://community.zyxel.com/en/discussion/22111/fqdn-by-dns-lookup-for-peer-id-type#latest
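As an added illustration (not code from this page or from Zyxel), here is a small Python model of the selection behaviour PeterUK describes: the responder has to pick one gateway, and therefore one pre-shared key, from what it can see before authentication, namely the peer's source address and the Phase 1 proposal it offers; only then is the key itself checked. The gateway names, the two IP addresses and the scenario functions are assumptions made for the example; the two keys are the ones quoted in the thread. The model follows IKEv1 main mode, where the peer's identity payload is sent encrypted and so cannot be used to choose the key.

```python
"""Toy model of responder-side gateway selection for IKEv1 main mode + PSK.

Added illustration, not Zyxel firmware code. Gateway names, addresses and
scenario functions are constructed for the example; the two keys are the
ones quoted in the thread. Assumption being modelled: the responder has to
pick a gateway, and so a pre-shared key, from what it can see before
authentication: the peer's source address and the Phase 1 proposal it
offers. In IKEv1 main mode the peer's ID payload arrives encrypted, so it
cannot be used for that choice.
"""
from typing import List, Optional, Set, Tuple

Proposal = Tuple[str, str]  # (encryption, authentication)


class Gateway:
    def __init__(self, name: str, psk: str, peer_ip: Optional[str],
                 proposals: Set[Proposal]):
        self.name = name
        self.psk = psk
        self.peer_ip = peer_ip        # None means "dynamic peer", any address
        self.proposals = proposals    # accepted Phase 1 proposals


def select_gateway(gateways: List[Gateway], src_ip: str,
                   offered: List[Proposal]) -> Optional[Gateway]:
    """First gateway (in configured order) that accepts this peer address
    and shares at least one Phase 1 proposal with what the peer offered."""
    for gw in gateways:
        if gw.peer_ip is not None and gw.peer_ip != src_ip:
            continue
        if gw.proposals.intersection(offered):
            return gw
    return None


def authenticate(gateways: List[Gateway], src_ip: str, offered: List[Proposal],
                 client_psk: str) -> Tuple[str, Optional[str]]:
    """Select a gateway, then check the client's PSK against that gateway's key."""
    gw = select_gateway(gateways, src_ip, offered)
    if gw is None:
        return ("no-proposal-match", None)
    if gw.psk != client_psk:
        return ("psk-mismatch", gw.name)
    return ("ok", gw.name)


AES256_SHA256: Proposal = ("AES256", "SHA256")
AES256_SHA1: Proposal = ("AES256", "SHA1")
L2TP_CLIENT_IP = "203.0.113.5"      # constructed road-warrior address
BRANCH_ROUTER_IP = "198.51.100.2"   # constructed site-to-site peer address


def scenario_same_proposals():
    """Both gateways accept any peer and the same proposal: the site-to-site
    gateway is listed first, so it is chosen and the L2TP key fails."""
    gateways = [
        Gateway("site-to-site", "1234567890", None, {AES256_SHA256}),
        Gateway("l2tp", "soccerball", None, {AES256_SHA256}),
    ]
    return authenticate(gateways, L2TP_CLIENT_IP, [AES256_SHA256], "soccerball")


def scenario_static_peer():
    """Pin the site-to-site gateway to its peer's address: a client from
    another address can only match the L2TP gateway."""
    gateways = [
        Gateway("site-to-site", "1234567890", BRANCH_ROUTER_IP, {AES256_SHA256}),
        Gateway("l2tp", "soccerball", None, {AES256_SHA256}),
    ]
    return authenticate(gateways, L2TP_CLIENT_IP, [AES256_SHA256], "soccerball")


def scenario_distinct_proposals():
    """PeterUK's workaround: give each gateway a different Phase 1 proposal,
    so the proposal the client offers selects the right key."""
    gateways = [
        Gateway("site-to-site", "1234567890", None, {AES256_SHA256}),
        Gateway("l2tp", "soccerball", None, {AES256_SHA1}),
    ]
    return authenticate(gateways, L2TP_CLIENT_IP, [AES256_SHA1], "soccerball")


if __name__ == "__main__":
    for fn in (scenario_same_proposals, scenario_static_peer,
               scenario_distinct_proposals):
        print(fn.__name__, fn())
```

Run it and the first scenario reproduces the symptom in the original post: the site-to-site gateway is matched first and the L2TP key is rejected, which is also why changing the L2TP key to the site-to-site key makes the connection succeed. Pinning the site-to-site gateway to a static peer address, or giving the two gateways different Phase 1 proposals, lets the L2TP gateway be selected. This is a model of the explanation given in the reply, not a description of the Flex 200 firmware's actual selection rules.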

  • mm_bret  Posts: 62  Ally Member

    Let me phrase it differently.

    If I have a site-to-site VPN using 1234567890 as my pre-shared gateway key,

    and

    I have an L2TP VPN using soccerball as my pre-shared key:

    if the site-to-site is off, shouldn't the L2TP sync up using the soccerball key?

    So far it will not.

    However, if I change the soccerball key to 1234567890, the L2TP connects.

    I will test on a couple of other Flex 200s (I have several), and it seems that they behave differently.

    Thanks Peter
