Wednesday, July 31, 2013

What is L2TP VPN?

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Although L2TP acts like a Data Link Layer protocol in the OSI model, L2TP is in fact a Session Layer protocol, and uses the registered UDP port 1701.
Encryption: The L2TP payload is encrypted using the standardized IPsec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. A 256-bit key will be used for encryption. (AES-256 is the first publicly accessible and open cipher approved by the NSA for top secret information.)
Ports used:
L2TP/IPsec uses UDP 500 for the initial key exchange, protocol 50 for the IPsec-encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPsec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
Supported operating systems:
Windows, Mac, Linux, iOS, Android, DD-WRT
The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.
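To make the point about cleartext L2TP concrete, here is an added example (not part of the original post and not HideMyAss code) that parses the L2TPv2 header from a UDP/1701 datagram as defined in RFC 2661 and names the PPP protocol carried inside a data message. Everything a defender can see without IPsec is exactly what this parser returns: message type, tunnel and session IDs, sequence numbers and the PPP payload. The two sample datagrams are constructed for this example; the control message carries a single constructed Message Type AVP and the data message a short constructed PPP/IPv4 payload.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# L2TPv2 header flag bits (RFC 2661, section 3.1)
FLAG_T = 0x8000        # 1 = control message, 0 = data message
FLAG_L = 0x4000        # Length field present
FLAG_S = 0x0800        # Ns/Nr sequence fields present
FLAG_O = 0x0200        # Offset Size field present
VERSION_MASK = 0x000F  # must be 2 for L2TPv2

# PPP protocol numbers commonly carried inside an L2TP data message
PPP_PROTOCOLS = {0x0021: "IPv4", 0x8021: "IPCP", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}


@dataclass
class L2TPHeader:
    is_control: bool
    tunnel_id: int
    session_id: int
    length: Optional[int]
    ns: Optional[int]
    nr: Optional[int]
    payload: bytes


def parse_l2tp(datagram: bytes) -> L2TPHeader:
    """Parse the L2TPv2 header of one UDP datagram; raise ValueError when it is malformed."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if flags & VERSION_MASK != 2:
            raise ValueError("not an L2TPv2 header")
        is_control = bool(flags & FLAG_T)
        has_len, has_seq, has_off = bool(flags & FLAG_L), bool(flags & FLAG_S), bool(flags & FLAG_O)
        # RFC 2661: control messages must carry Length and Ns/Nr and must not carry an Offset
        if is_control and (not has_len or not has_seq or has_off):
            raise ValueError("control message with invalid flag combination")
        pos = 2
        length = None
        if has_len:
            (length,) = struct.unpack_from("!H", datagram, pos)
            pos += 2
            if length > len(datagram):
                raise ValueError("Length field exceeds datagram size")
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        ns = nr = None
        if has_seq:
            ns, nr = struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if has_off:
            (offset,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset  # skip the Offset Size field and the padding it describes
    except struct.error as exc:
        raise ValueError("datagram truncated inside the L2TP header") from exc
    end = len(datagram) if length is None else length
    if pos > end:
        raise ValueError("header runs past the end of the message")
    return L2TPHeader(is_control, tunnel_id, session_id, length, ns, nr, datagram[pos:end])


def is_well_formed(datagram: bytes) -> bool:
    """True when the datagram parses as a valid L2TPv2 message."""
    try:
        parse_l2tp(datagram)
        return True
    except ValueError:
        return False


def ppp_protocol(header: L2TPHeader) -> Optional[str]:
    """Name the PPP protocol in a data message's payload; None for control messages or empty payloads."""
    if header.is_control:
        return None
    p = header.payload
    if p[:2] == b"\xff\x03":  # PPP Address/Control fields, present unless compressed away
        p = p[2:]
    if len(p) < 2:
        return None
    (proto,) = struct.unpack("!H", p[:2])
    return PPP_PROTOCOLS.get(proto, "unknown (0x%04x)" % proto)


# Constructed sample 1: a control message (T, L, S set, version 2) with Length 20,
# tunnel/session ID 0 and one constructed Message Type AVP (value 1 = SCCRQ).
SAMPLE_CONTROL = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
# Constructed sample 2: a data message for tunnel 0x1234 / session 0x5678 carrying
# a PPP frame (ff 03, protocol 0x0021 = IPv4) followed by constructed payload bytes.
SAMPLE_DATA = bytes.fromhex("0002 1234 5678 ff03 0021 deadbeef")

if __name__ == "__main__":
    for name, dgram in (("control", SAMPLE_CONTROL), ("data", SAMPLE_DATA)):
        hdr = parse_l2tp(dgram)
        print(name, hdr, "PPP:", ppp_protocol(hdr))
```

Run against a packet capture, the same parser applied to a UDP/1701 stream that is not wrapped in ESP tells you immediately that tunnel IDs, session IDs and the inner PPP traffic are exposed; with L2TP/IPsec in place, an observer between the endpoints sees only ESP and never reaches this header.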

L2TP/IPsec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:
  • Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called "pre-shared keys"), public keys, or X.509 certificates on both ends, although other keying methods exist.
  • Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.
  • Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.
When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.
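The three setup steps above, together with the port list earlier on the page, amount to a simple rule: a firewall between the endpoints must pass IKE (UDP 500), ESP (IP protocol 50) and, behind NAT, UDP 4500, while the L2TP packets on UDP 1701 never appear on the wire in cleartext. The following added example (written for this post, not code from the original or from HideMyAss) classifies raw IPv4 packets into those phases and reports whether an intermediate firewall needs to permit them. The packets are constructed in the script with RFC 5737 documentation addresses and a zero IP checksum; the NAT-T distinction between IKE and UDP-encapsulated ESP uses the four-byte zero "non-ESP marker" from RFC 3948.

```python
import struct
from typing import List, NamedTuple

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 6, 17, 50
PORT_IKE, PORT_L2TP, PORT_NAT_T = 500, 1701, 4500


class Classification(NamedTuple):
    phase: str                # which part of the L2TP/IPsec exchange the packet belongs to
    needs_firewall_rule: bool  # must a firewall between the endpoints allow it?


def parse_ipv4(pkt: bytes):
    """Return (protocol number, transport payload) of an IPv4 packet; ValueError if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    return pkt[9], pkt[ihl:]


def classify(pkt: bytes) -> Classification:
    proto, payload = parse_ipv4(pkt)
    if proto == IPPROTO_ESP:
        return Classification("ESP: IPsec-protected data (IP protocol 50)", True)
    if proto != IPPROTO_UDP:
        return Classification("unrelated to L2TP/IPsec", False)
    if len(payload) < 8:
        raise ValueError("truncated UDP header")
    sport, dport = struct.unpack("!HH", payload[:4])
    udp_data = payload[8:]
    ports = {sport, dport}
    if PORT_IKE in ports:
        return Classification("IKE: security association negotiation (UDP 500)", True)
    if PORT_NAT_T in ports:
        # RFC 3948: IKE over UDP 4500 is prefixed by a 4-byte zero non-ESP marker;
        # UDP-encapsulated ESP starts with its SPI, which is never zero.
        if udp_data[:4] == b"\x00\x00\x00\x00":
            return Classification("IKE via NAT traversal (UDP 4500)", True)
        return Classification("UDP-encapsulated ESP via NAT traversal (UDP 4500)", True)
    if PORT_L2TP in ports:
        # Cleartext L2TP only exists after ESP decryption at the endpoints; a firewall in
        # between should never see it and need not open UDP 1701.
        return Classification("cleartext L2TP (UDP 1701): endpoint-local only", False)
    return Classification("unrelated to L2TP/IPsec", False)


def required_rules(packets: List[bytes]) -> List[str]:
    """Sorted, de-duplicated list of phases that a transit firewall must permit for these packets."""
    return sorted({c.phase for c in map(classify, packets) if c.needs_firewall_rule})


# --- constructed sample packets (not captured traffic) ---
def build_ipv4(proto: int, payload: bytes) -> bytes:
    # version 4, IHL 5, TTL 64, checksum left as 0, RFC 5737 test addresses
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


SAMPLE_IKE = build_ipv4(IPPROTO_UDP, build_udp(PORT_IKE, PORT_IKE, b"\x01" * 28))
SAMPLE_ESP = build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16)
SAMPLE_NATT_IKE = build_ipv4(IPPROTO_UDP, build_udp(PORT_NAT_T, PORT_NAT_T, b"\x00" * 4 + b"\x01" * 28))
SAMPLE_NATT_ESP = build_ipv4(IPPROTO_UDP, build_udp(PORT_NAT_T, PORT_NAT_T,
                                                    struct.pack("!II", 0x12345678, 2) + b"\xaa" * 16))
SAMPLE_L2TP_PLAIN = build_ipv4(IPPROTO_UDP, build_udp(PORT_L2TP, PORT_L2TP,
                                                      bytes.fromhex("0002 1234 5678 0021 deadbeef")))
SAMPLE_TCP = build_ipv4(IPPROTO_TCP, b"\x00" * 20)

if __name__ == "__main__":
    for p in (SAMPLE_IKE, SAMPLE_ESP, SAMPLE_NATT_IKE, SAMPLE_NATT_ESP, SAMPLE_L2TP_PLAIN, SAMPLE_TCP):
        print(classify(p))
    print("rules needed:", required_rules([SAMPLE_IKE, SAMPLE_ESP, SAMPLE_NATT_ESP, SAMPLE_L2TP_PLAIN]))
```

The `needs_firewall_rule` flag is the practical output: seeing UDP 1701 classified as endpoint-local on a transit link is itself a finding, because it means L2TP is running without the IPsec wrapper the post describes.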

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

HideMyAss Pro VPN & L2TP
The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/

Instructions for Windows:
Quick manual setup instructions:
  • Start > Control Panel > Network and Internet > Network And Sharing Center > Set up a new connection or network > Connect to a workplace > Next > Use my Internet Connection (VPN)
  • Internet Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Destination Name: Name it as you like. E.g.: HMA! L2TP.
  • Next
  • Username: Your VPN username
  • Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
  • Domain: Leave it blank
  • Go back to Network and Sharing Center > Change Adapter Settings > Select HMA! L2TP (the one you just created) > right click and Properties > Security tab > Type of VPN: L2TP/IPSec > Advanced Settings > Use Preshared Key for authentication > Key: HideMyAss > OK
  • Connect!
Instructions for Mac:

For step-by-step instructions with screenshots, see: Mac L2TP Connection Setup

Quick manual setup instructions:
  • System Preferences > Network > click on the + button > Interface: VPN > VPN Type: L2TP over IPSec > Service Name: HMA L2TP > Create.
  • Configuration: Default
  • Server Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account Name: Your VPN username
  • Authentication Settings: Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
  • Shared Secret: HideMyAss. > OK.
  • Advanced... > Options > Make sure 'Send all traffic over VPN Connection' is checked > OK
  • Apply > Connect.
Instructions for Mac Tiger:
  • Applications > Internet Connect > File > New VPN Connection > L2TP over IPSec > Configuration: Edit Configurations
  • Description: HMA L2TP
  • Server address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account name: Your VPN username
  • User Authentication: Your PPTP password ( found on http://vpn.hidemyass.com > PPTP Servers > Login Details)
  • Machine Authentication: Shared Secret: HideMyAss > OK > Connect.

Instructions for DD-WRT routers:
1. Log in to your DD-WRT router's web interface (usually http://192.168.1.1).
2. Setup
3. Basic Setup
4. Wan Setup > Connection Type: L2TP
5. Username: Your VPN Username
6. Password: Your L2TP/PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
7. Gateway: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/.
8. Connection strategy: Keep Alive: Redial Period 180 seconds
9. STP: Disable
10. Leave everything as it is.
11. Save and Apply Settings.
For the complete tutorial, please refer to the article Router configuration

Instructions for iOS devices (iPhone / iPad / iPad 2...)

  • For more info and a step-by-step tutorial, see the article Apple

Quick manual setup instructions:

Settings > General > Network > VPN > Add VPN Configuration... > L2TP
Description: Anything. E.g.: HMA L2TP
Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
Account: Your VPN username
RSA SecurID: Off
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
Secret: HideMyAss
Send All Traffic: On

Instructions for Android devices:

  • For more info and a step-by-step tutorial, see the article Android

Quick manual setup instructions:
Menu > Settings > Wireless and Network > VPN Settings > Add VPN > Add L2TP VPN
VPN Name: Anything. E.g.: HMA L2TP
Set VPN Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
DNS Search domain: 4.4.4.4 (or any other DNS)
Secret: Leave it OFF

Tap Menu, and Save. Tap your new VPN connection in order to connect. Enter your credentials:

Username: Your VPN username
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details

Instructions for Linux:

  • Please see the article Linux L2TP for instructions and tutorials about how to connect via L2TP on Linux.
