I want to use L2TP to through NAT, but i do not need IPsec, because IPsec waste much CPU. I can setup one L2TP server on linux, so is there any L2TP windows client without IPsec ?
Asked
Active
Viewed 9,087 times
2 Answers
3
You can use default L2TP windows client and ProhibitIpSec.
ooshro
- 11,134
- 1
- 32
- 31
-
And need reboot the Windows to make the change take effects. – PokerFace Sep 18 '18 at 13:03
-1
My understanding is that L2TP without IPsec in insecure.
"WARNING: Disabling IPSEC for L2TP connections is a severe limitation in security and is recommended only for troubleshooting." - http://support.microsoft.com/kb/258261
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
Add the following registry value to this key:
Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1
Note that you must restart your Windows 2000-based computer for the changes to take effect.
-
If incapsulated protocol has it’s own encryption (and ppp does, it’s MPPE) then it’s as secure as the encryption is. So “l2tp without ipsec is unsecure” is generally an urban legend. – drookie Nov 26 '17 at 10:23