[olug] [OT] pptp IPsec

Phil Brutsche phil at brutsche.us
Thu Jun 16 23:00:27 UTC 2011


Cisco ASA boxes, and PIX boxes that run 7.0 and higher, do not support PPTP.

For a RA (aka remote access) VPN on an ASA, you have 3 options:

a) SSL
b) Cisco's IPsec VPN client
c) L2TP/IPsec

In this case, I suspect you mean the last one (L2TP/IPsec).

When they say L2TP, they mean L2TPv2. For all intents and purposes,
L2TPv2 is UDP-encapsulated PPP and only supports usernames and passwords
for security - hence the IPsec in "L2TP/IPsec". The remote client
initiates a transport-mode IPsec "tunnel" before it tries to talk L2TP
to the firewall. If the client can't talk IPsec to the firewall, it does
not attempt to open the L2TP session.

In comparison, PPTP is GRE-encapsulated PPP with RC4 encryption, with (I
believe) the encryption key generated from your NTLMv2 hash. Said hash
is trivially brute-forced.

In general, L2TP/IPsec is as secure as IPsec is and is 1000% better than
PPTP.

The manpage for VPNC is referring to these issues:

a) In theory, pre-shared keys in your ISAKMP daemon are vulnerable to
brute-forcing. In practice, it doesn't happen. *If* it happens, it is a
targeted attack. You see more brute force attempts against telnet or SSH.

For a pre-shared key, I recommend no less than 32 characters. I've used
pre-shared keys 72 characters long (using secure mode from pwgen) and
haven't run into interoperability problems.

Site-to-site IPsec tunnels will also tie the pre-shared key to an IP
number, making it more difficult to brute-force them.

b) The biggest issue is your IPsec phase 1 authentication. If you use
pre-shared keys with RA IPsec, it HAS TO be the same for EVERYONE and
you HAVE TO give it to EVERYONE who's going to use it. It doesn't matter
whether or not you use L2TP, or a Cisco box, or a pfSense box.

Any IPsec client worth using will support X.509 certificates. There are
a lot of IPsec road warrior how-tos out there that say "don't use PSKs,
use X.509 certificates", and specifically cite the PSK issue above as
the reason.

In practice, this is not as big a concern as they make it out to be.
Most IPsec clients support what's called X-Auth, where the remote client
is prompted for a username and password as part of the phase 1
authentication. The username and password combination is encrypted with
whatever encryption algorithm is negotiated during phase 1. 3DES and AES
are most common.

When X-Auth is enabled, having the pre-shared key isn't enough to get
you into the network, you MUST have valid credentials in the user
database. The user database can be external (i.e. LDAP or RADIUS), or
internal to the device.

L2TP/IPsec doesn't use X-Auth. L2TP (which, as you may recall, is
basically PPP-in-UDP) handles the username and password.

As far as ASAs being Linux boxes go: ASA code 8.1 and higher use a Linux
kernel as a base (the newer/bigger ASA boxes are "SMP" aka multicore
Intel). As far as an ASA is a "Linux box", don't think of them as such.
A Linux machine is more than just the kernel. The "userland", as it
were, is 100% Cisco.

Re SSH: Cisco has supported SSH for years; their SSH service was forked
from the original SSH 1.x in the '90s and is developed independently of
the OpenSSH daemon.

On 6/16/2011 3:49 PM, Rob Townley wrote:
> i came across someone else's cisco asa 5505 today which is set up with
> ipsec and pptp xauth.  The pptp disturbed me especially.  It didn't
> even try to use CHAPv2.  i figured maybe pptp over IPsec should be ok
> because IPsec provides an underlying layer of encryption and pptp is
> just doing identity management.
> 
> Then when i got back home on my Fedora box, `man vpnc` displays this warning:
>      OBLIGATORY  WARNING: the most used configuration
>      (XAUTH authentication with pre-shared keys and password authentication)
>      is insecure by design, be aware of this fact when you use vpnc to exchange
>      sensitive data like passwords!
> 
> i do know L2TP is much better.  i would _LOVE_ to go off into a
> tangent far into deep cyberspace, but i would never come back.
> Anybody wanna back up the manpage with more detail?  i know PPTP is
> easily popped open, but a little grey is pptp over ipsec.
> 
> p.s. i understand these to be BSD or Linux based Cisco systems and i
> could get a ssh prompt.  Anybody have further details

-- 

Phil Brutsche
phil at brutsche.us
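The post recommends pre-shared keys of at least 32 characters, generated with pwgen's secure mode, and notes that an RA pre-shared key is handed to every user. The following is an added example (not part of the original thread, and not Cisco or pwgen code) that generates a key of that kind from the OS CSPRNG and evaluates a candidate key against the 32-character minimum. The alphabet (letters and digits, similar to what `pwgen -s` emits) and the tiny list of known-weak defaults are assumptions constructed for the example.

```python
import math
import secrets
import string

# Alphabet assumed to match pwgen's secure mode: upper, lower, digits (62 symbols).
PSK_ALPHABET = string.ascii_letters + string.digits
# Minimum length the post recommends for an IPsec pre-shared key.
MIN_PSK_LENGTH = 32
# Constructed list of placeholder keys that commonly appear in examples and
# lab configs; a real policy check would pull from a much larger list.
KNOWN_WEAK_PSKS = {"secret", "password", "cisco", "cisco123", "vpnkey"}


def generate_psk(length: int = 72, alphabet: str = PSK_ALPHABET) -> str:
    """Return a random PSK of `length` symbols drawn from `alphabet` via the OS CSPRNG."""
    if length < MIN_PSK_LENGTH:
        raise ValueError(f"PSK length {length} is below the minimum of {MIN_PSK_LENGTH}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def psk_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random key of `length` symbols from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def _character_classes(psk: str) -> int:
    """Count which of upper / lower / digit / other classes the key actually uses."""
    classes = 0
    classes += any(c.isupper() for c in psk)
    classes += any(c.islower() for c in psk)
    classes += any(c.isdigit() for c in psk)
    classes += any(not c.isalnum() for c in psk)
    return classes


def check_psk(psk: str) -> dict:
    """Evaluate a candidate PSK against the post's length advice and a weak-key list.

    The entropy estimate assumes the key was drawn uniformly from an alphabet
    the size of the character classes it uses; a human-chosen key has far less.
    """
    class_sizes = {1: 26, 2: 52, 3: 62, 4: 94}
    classes = _character_classes(psk)
    estimated_bits = psk_entropy_bits(len(psk), class_sizes.get(classes, 26)) if psk else 0.0
    findings = []
    if len(psk) < MIN_PSK_LENGTH:
        findings.append(f"shorter than {MIN_PSK_LENGTH} characters")
    if psk.lower() in KNOWN_WEAK_PSKS:
        findings.append("matches a known placeholder/default key")
    if classes < 2:
        findings.append("uses a single character class")
    return {
        "length": len(psk),
        "estimated_entropy_bits": round(estimated_bits, 1),
        "acceptable": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    key = generate_psk()
    print(f"generated {len(key)}-character PSK with "
          f"{psk_entropy_bits(len(key), len(PSK_ALPHABET)):.0f} bits of entropy")
    for candidate in ("cisco123", key):
        print(candidate[:12] + "...", check_psk(candidate))
```

Note that a long random key only addresses the brute-force concern in the post's point (a); it does nothing about point (b), that an RA pre-shared key is by definition shared with every user, which is why certificates or an XAuth second factor remain the recommended mitigation.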



More information about the OLUG mailing list