Posted: Tue Jun 21, 2016 13:24 Post subject: L2TP or IKEv2 VPN Server Possible? Apple is removing PPTP
Now that Apple has removed PPTP Client support from the upcoming iOS 10 and macOS Sierra, many of us will need to use a different VPN for our DD-WRT routers. I realize OpenVPN is supported natively in DD-WRT, but that's not supported natively by the operating systems (and also requires certs to configure, which makes it difficult to setup remotely on-the-fly).
With that in mind: has anyone successfully gotten an L2TP or IKEv2 VPN server running on their routers? I'm using Kong's builds on my R8500 now, so I think entware is an easy option.
Posted: Fri Jul 01, 2016 18:39 Post subject: Re: L2TP or IKEv2 VPN Server Possible? Apple is removing PPT
DaveTheNerd wrote:
Now that Apple has removed PPTP Client support from the upcoming iOS 10 and macOS Sierra, many of us will need to use a different VPN for our DD-WRT routers. I realize OpenVPN is supported natively in DD-WRT, but that's not supported natively by the operating systems (and also requires certs to configure, which makes it difficult to setup remotely on-the-fly).
With that in mind: has anyone successfully gotten an L2TP or IKEv2 VPN server running on their routers? I'm using Kong's builds on my R8500 now, so I think entware is an easy option.
Thanks!
You probably missed the fact, that my builds already come with "optware" support. You only need to mount a partition to /opt either by uuid or label and then run script "bootstrap" after that you can install packages that are dd-wrt compatible. Means they are compiled with a dd-wrt compatible toolchain, entwares build chain is not fully compatible with dd-wrt and certain things cannot work.
Besides that my packages offer better security as it makes uses of crypto signatures.
But regarding the pissue, you should check which packages is suited for this. I only have a subset of packages in use, some might need a few fixes or config changes to run out of the box. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Tue Sep 27, 2016 7:34 Post subject:
the official openvpn client from the app store has been working really well for years now. once you configure a server by importing the ovpn config file it integrates directly in the settings vpn section. just select the server and hit connect just as you would do for a pptp.
Softether which supports IPSEC is in the works, first test looks ok, just needs a bit of polishing in the webif. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
One thing to remember with all of this is to turn off Back to my Mac on ALL your local Macs if you're going to use IKEv2/IPSec. BTTM will forward UDP 500 via UPnP and completely trample upon whatever you've got setup for 500 for your VPN.
I've been dealing with this for a bit as well. I think, at this moment, there are a few options for people transitioning to a life without PPTP:
I own a Synology NAS, so ever since the new iOS upgrade, I just enabled the VPN server on the NAS and port forwarded all relevant L2TP ports to it. If you are willing to port forward there are a myriad of VPN solutions available to you, including Windows Server's own RRAS services.
That being said, I do like the VPN right on the routing device, independent of any other system; this offers the least complicated infrastructure setup, and I can still connect to my network regardless if my back-end devices are up or not, which I consider a huge advantage.
Unfortunately, the only way to do this at the moment is through OpenVPN, and setting it up on the router could prove complicated for some.