Kadirvel C Vanniarajan said:Hi Tim,
The encryption depends on the settings. The default is MSChap where hashes
are generated to validate the user credentials. You can go for certificate
based authentication as well with EAP. L2TP/IPSec provides better security
with all the packets being encrypted end-to-end. Also, there is PAP (which
passes credentials in clear) which is disabled by default.
RRAS does not provide SSL-based VPN solution.
--
Kadir
(e-mail address removed) [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Tim Hellebuyck said:Does anyone know the level of encryption that is used to pass credentials
from remote users to a RRAS server. Is this in clear text, kerberos
encryption by default, etc? Also, is there a way to use SSL for VPN on RRAS?
Tim Hellebuyck said:What about PPTP?
Kadirvel C Vanniarajan said:Hi Tim,
The encryption depends on the settings. The default is MSChap where hashes
are generated to validate the user credentials. You can go for certificate
based authentication as well with EAP. L2TP/IPSec provides better security
with all the packets being encrypted end-to-end. Also, there is PAP (which
passes credentials in clear) which is disabled by default.
RRAS does not provide SSL-based VPN solution.
--
Kadir
(e-mail address removed) [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Tim Hellebuyck said:Does anyone know the level of encryption that is used to pass credentials
from remote users to a RRAS server. Is this in clear text, kerberos
encryption by default, etc? Also, is there a way to use SSL for VPN on RRAS?
Kadirvel C Vanniarajan said:With PPTP also, you get the same set of authentication packages as with
L2TP/IPSec (MSCHAP, MSCHAPV2, EAP etc). But one added advantage of
L2TP/IPSec is that the user name also will get protected through IPSec since
the entire packet exchange used to negotiate the L2TP tunnel gets protected.
--
Kadir
(e-mail address removed) [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Tim Hellebuyck said:What about PPTP?
Kadirvel C Vanniarajan said:Hi Tim,
The encryption depends on the settings. The default is MSChap where hashes
are generated to validate the user credentials. You can go for certificate
based authentication as well with EAP. L2TP/IPSec provides better security
with all the packets being encrypted end-to-end. Also, there is PAP (which
passes credentials in clear) which is disabled by default.
RRAS does not provide SSL-based VPN solution.
--
Kadir
(e-mail address removed) [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Does anyone know the level of encryption that is used to pass credentials
from remote users to a RRAS server. Is this in clear text, kerberos
encryption by default, etc? Also, is there a way to use SSL for VPN on
RRAS?