How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Applicable to Version: 10.00 onwards
Cyberoam has extended its authentication protocol support for L2TP to include MS-CHAP v2. Earlier
versions of Cyberoam supported PAP authentication only.
MS-CHAP-V2 is the Microsoft Challenge-Handshake Authentication Protocol v2. CHAP provides the
same functionality as PAP, but does not send the password and other user information over the
network.
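The difference between PAP and challenge-handshake authentication, shown as an added example that is not part of the original Cyberoam document: it builds a PAP Authenticate-Request (RFC 1334) and a standard CHAP response (RFC 1994, MD5) for the same constructed credentials. MS-CHAP v2 computes its response value differently (RFC 2759); the user name, password and function names below are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): length-prefixed peer-id and
    password, both sent in the clear inside the PPP session."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, value: bytes) -> bool:
    """Server side: recompute the value from the stored secret and compare.
    The server needs the secret itself to do this, not a one-way hash of it."""
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, value)


def demo() -> dict:
    user, password = "vpnuser", "Constructed-Pass1"  # constructed sample credentials
    secret = password.encode()

    pap_wire = pap_authenticate_request(user, password)

    # Server -> client: random challenge. Client -> server: hash value plus name.
    challenge, ident = os.urandom(16), 1
    value = chap_response_value(ident, secret, challenge)
    chap_wire = bytes([len(value)]) + value + user.encode()

    # A captured response is useless against the next, different challenge.
    next_challenge = os.urandom(16)
    return {
        "pap_leaks_password": secret in pap_wire,
        "chap_leaks_password": secret in chap_wire,
        "chap_accepted": chap_verify(ident, secret, challenge, value),
        "replay_accepted": chap_verify(2, secret, next_challenge, value),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```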
This document has 3 sections:
1. Cyberoam Configuration
2. CLI Configuration
3. Windows 7 Configuration
Cyberoam Configuration
The entire configuration is done from the Web Admin console. Log in to the Web Admin console as a
user with the Administrator profile.
Note:
PPTP and L2TP connections established using the MS-CHAP v2 or CHAP protocol can be authenticated
through a RADIUS or Local authentication server.
For AD authentication, the AD server should be behind a RADIUS server and passwords should be
stored in reversible encrypted form.
Step 1
Go to VPN > L2TP > Configuration to configure L2TP settings.

Parameters                Value
General Settings
  Local IP Address        PortA 172.16.16.120
  Assign IP from          172.16.16.221 - 172.16.16.225
                          Specify an IP address range if the L2TP server has to
                          lease IP addresses. This range should preferably be
                          different from any of Cyberoam's local subnets.
Client Information
  Primary DNS Server      4.2.2.2
  Secondary DNS Server    1.1.1.1

Click on Apply and the L2TP Configuration will be added successfully.
Step 2
Go to VPN > L2TP > Connection to manage the L2TP connection. Click the Add button to add a
new connection.

Parameters                Value
General Settings
  Name                    L2TP
  Policy                  DefaultL2TP
  Action on VPN Restart   Respond Only
Authentication Details
  Authentication Type     Preshared Key
  Preshared Key           Configure password as required
  Confirm Preshared Key   Type the same password as in the field above
Local Network Details
  Local WAN Port          PortB 192.168.13.120
Remote Network Details
  Remote Host             *
                          Specify the IP address of the remote peer/host.
                          Specify * for any IP address.
  Allow NAT Traversal     Checked
  Remote LAN Network      Any
                          Select the IP addresses and netmask of the remote
                          network that is allowed to connect to the Cyberoam
                          server through the VPN tunnel.
Quick Mode Selectors
  Local Port              1701
  Remote Port             *

Click OK button and the L2TP connection L2TP will be added successfully.
Step 3
Activate the connection by clicking the red icon under the Active column. The connection will be
activated successfully.
Step 4
Perform the steps in the CLI Configuration section and then go to Step 5.
Step 5
Once the authentication mechanism is set in Cyberoam, you need to add the users to the L2TP
configuration in Cyberoam.
Go to L2TP Configuration (as created in Step 1) and click the Add Members button to define users.
Select the groups and users that should have L2TP VPN access.
Click the Apply button to add these users and user groups to the L2TP members list.
CLI Configuration
This configuration is done from the CLI Console (Telnet/SSH).
Step 1
Log in to the CLI Console, go to option 4 (Cyberoam Console) and press Enter.
Step 2
Set the authentication mechanism for your clients.
Type the command set vpn l2tp authentication MS_CHAPv2 to use MS-CHAP v2 authentication
for your clients.
Note:
You can also set the authentication to CHAP, PAP or ANY, depending on your requirement.
Windows 7 Configuration
The following procedures outline how to configure a Windows 7 VPN client to access resources
behind a Cyberoam Appliance that has been set up to accept L2TP connections.
Set up an L2TP connection on a Windows 7 client as follows:
Step 1
Go to Start > Control Panel > Network and Sharing Center and click Set up a new connection or
network.
Step 2
Select Connect to a workplace and click Next.
Step 3
Select Use my Internet connection.
Step 4
In the Internet address field, type the WAN IP address of the Cyberoam and click Next.
Note:
The WAN IP address should be the same as the one specified in the Local WAN Port field under Local
Network Details in the L2TP Connection.
Step 5
A Windows dialer will open automatically. Specify a valid username and password and click Connect.
Step 6
A connection will be established. Go to Start > Control Panel > Network and Sharing Center and
click Connect to a network to view the connection.
Step 7
Open the connection properties and apply the following settings on the client.
Select the IP address in the General tab.
Step 8
In the Security tab, select Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec) as the Type of VPN,
select Data Encryption depending on your requirement, enable Microsoft CHAP Version 2 and click OK.
Step 9
Click Advanced Settings and enable Use preshared key for authentication. Specify the preshared key
and click OK.
Click OK and connect the VPN.
Step 10
Specify a valid username and password and click Connect.
Note:
Log in to the CLI console, go to option 4 (Cyberoam Console) and type the command show vpn logs
to check the logs.
These logs help in troubleshooting if the L2TP connection fails.
Document Version 1.0 23/06/2011