L2TP or IKEv2 VPN Server Possible? Apple is removing PPTP

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Tue Jun 21, 2016 13:24    Post subject: L2TP or IKEv2 VPN Server Possible? Apple is removing PPTP Reply with quote
Now that Apple has removed PPTP Client support from the upcoming iOS 10 and macOS Sierra, many of us will need to use a different VPN for our DD-WRT routers. I realize OpenVPN is supported natively in DD-WRT, but that's not supported natively by the operating systems (and also requires certs to configure, which makes it difficult to setup remotely on-the-fly).

With that in mind: has anyone successfully gotten an L2TP or IKEv2 VPN server running on their routers? I'm using Kong's builds on my R8500 now, so I think entware is an easy option.

Thanks!
Sponsor
chrisduk112
DD-WRT Novice


Joined: 10 Jun 2014
Posts: 3

PostPosted: Thu Jun 30, 2016 12:16    Post subject: Reply with quote
i too need this answer.. i'm running iOS 10 and can no longer VPN to my router as PPTP has been removed.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

PostPosted: Fri Jul 01, 2016 17:48    Post subject: Reply with quote
Have you looked for an OpenVPN client in App Store?
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Fri Jul 01, 2016 18:39    Post subject: Re: L2TP or IKEv2 VPN Server Possible? Apple is removing PPT Reply with quote
DaveTheNerd wrote:
Now that Apple has removed PPTP Client support from the upcoming iOS 10 and macOS Sierra, many of us will need to use a different VPN for our DD-WRT routers. I realize OpenVPN is supported natively in DD-WRT, but that's not supported natively by the operating systems (and also requires certs to configure, which makes it difficult to setup remotely on-the-fly).

With that in mind: has anyone successfully gotten an L2TP or IKEv2 VPN server running on their routers? I'm using Kong's builds on my R8500 now, so I think entware is an easy option.

Thanks!


You probably missed the fact, that my builds already come with "optware" support. You only need to mount a partition to /opt either by uuid or label and then run script "bootstrap" after that you can install packages that are dd-wrt compatible. Means they are compiled with a dd-wrt compatible toolchain, entwares build chain is not fully compatible with dd-wrt and certain things cannot work.

Besides that my packages offer better security as it makes uses of crypto signatures.

But regarding the pissue, you should check which packages is suited for this. I only have a subset of packages in use, some might need a few fixes or config changes to run out of the box.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
ygi
DD-WRT Novice


Joined: 17 Sep 2012
Posts: 2

PostPosted: Mon Sep 19, 2016 15:14    Post subject: Reply with quote
Hello,

I wasn't aware of this change until I upgraded my phones and tablet. Now I cannot connect anymore to my VPN.

I have tried to understand how to configure the OpenVPN, but it is quite complex to understand and which tools are needed.

What have you done so far ? Any L2TP or IKEv2 protocol ?

Because I have also understood nothing about the "optware support". I have no idea what to do with this info.

Any help will be greatly appreciated.

yves
immyran
DD-WRT Novice


Joined: 19 May 2014
Posts: 3

PostPosted: Tue Sep 27, 2016 6:52    Post subject: Reply with quote
ygi wrote:
Hello,

I wasn't aware of this change until I upgraded my phones and tablet. Now I cannot connect anymore to my VPN.

I have tried to understand how to configure the OpenVPN, but it is quite complex to understand and which tools are needed.

What have you done so far ? Any L2TP or IKEv2 protocol ?

Because I have also understood nothing about the "optware support". I have no idea what to do with this info.

Any help will be greatly appreciated.

yves


I am in the same situation, Would be grateful if anyone can help.

Regards,
salzrat
DD-WRT Novice


Joined: 20 Dec 2014
Posts: 35

PostPosted: Tue Sep 27, 2016 6:54    Post subject: Reply with quote
I think we need to enable OpenVPN server on the dd-wrt router, and connect using an OpenVPN client (which is available from the AppStore).
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

PostPosted: Tue Sep 27, 2016 7:34    Post subject: Reply with quote
the official openvpn client from the app store has been working really well for years now. once you configure a server by importing the ovpn config file it integrates directly in the settings vpn section. just select the server and hit connect just as you would do for a pptp.
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Tue Sep 27, 2016 8:33    Post subject: Reply with quote
Softether which supports IPSEC is in the works, first test looks ok, just needs a bit of polishing in the webif.
_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Tue Sep 27, 2016 11:29    Post subject: Reply with quote
<Kong> wrote:
Softether which supports IPSEC is in the works, first test looks ok, just needs a bit of polishing in the webif.


Great news, Kong! Glad to hear it, and am looking forward to testing it.
immyran
DD-WRT Novice


Joined: 19 May 2014
Posts: 3

PostPosted: Tue Sep 27, 2016 12:35    Post subject: Reply with quote
<Kong> wrote:
Softether which supports IPSEC is in the works, first test looks ok, just needs a bit of polishing in the webif.


I am running softether app on my windows PC as a workaround at the moment which means I have I keep the PC on all the time.

Are you going to embed Softether within dd-wrt firmware?

Kind Regards,
qGUBcZWwBHb1
DD-WRT Novice


Joined: 27 Jan 2015
Posts: 32

PostPosted: Tue Sep 27, 2016 22:54    Post subject: Reply with quote
Buy macOS server, port forward from router according, use IKEv2 and a long PSK (30chars)
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Wed Sep 28, 2016 3:21    Post subject: Reply with quote
One thing to remember with all of this is to turn off Back to my Mac on ALL your local Macs if you're going to use IKEv2/IPSec. BTTM will forward UDP 500 via UPnP and completely trample upon whatever you've got setup for 500 for your VPN.
DaveTheNerd
DD-WRT User


Joined: 15 Jul 2008
Posts: 317

PostPosted: Wed Sep 28, 2016 12:35    Post subject: Reply with quote
<Kong> wrote:
Softether which supports IPSEC is in the works, first test looks ok, just needs a bit of polishing in the webif.


This is not yet in your 30700 test build, correct?
lyuan
DD-WRT User


Joined: 05 Apr 2011
Posts: 85

PostPosted: Wed Sep 28, 2016 18:31    Post subject: Reply with quote
Hey Guys,

I've been dealing with this for a bit as well. I think, at this moment, there are a few options for people transitioning to a life without PPTP:

I own a Synology NAS, so ever since the new iOS upgrade, I just enabled the VPN server on the NAS and port forwarded all relevant L2TP ports to it. If you are willing to port forward there are a myriad of VPN solutions available to you, including Windows Server's own RRAS services.

That being said, I do like the VPN right on the routing device, independent of any other system; this offers the least complicated infrastructure setup, and I can still connect to my network regardless if my back-end devices are up or not, which I consider a huge advantage.

Unfortunately, the only way to do this at the moment is through OpenVPN, and setting it up on the router could prove complicated for some.
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum