
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication


Applicable to Version: 10.00 onwards

Cyberoam has extended its authentication protocol support for L2TP to include MS-CHAP v2. Earlier versions supported PAP authentication only. MS-CHAP v2 is the Microsoft Challenge-Handshake Authentication Protocol version 2. CHAP provides the same functionality as PAP, but does not send the password and other user information over the network.

This document has 3 sections:
1. Cyberoam Configuration
2. CLI Configuration
3. Windows 7 Configuration

Cyberoam Configuration

The entire configuration is to be done from the Web Admin console. Access the Web Admin console as a user with the Administrator profile.

Note: PPTP and L2TP connections established using the MSCHAPv2 or CHAP protocol can be authenticated through a RADIUS or Local authentication server. For AD authentication, the AD server should be behind a RADIUS server and passwords should be stored in reversible encrypted form.

Step 1 Go to VPN > L2TP > Configuration to configure the L2TP settings.

Parameter: Value

General Settings
    Local IP Address: PortA 172.16.16.120
    Assign IP from: 172.16.16.221 - 172.16.16.225
        Specify the IP address range if the L2TP server has to lease IP addresses. This range should preferably be different from any of Cyberoam's local subnets.

Client Information
    Primary DNS Server: 4.2.2.2
    Secondary DNS Server: 1.1.1.1


Click Apply and the L2TP configuration will be added successfully.

Step 2 Go to VPN > L2TP > Connection to manage the L2TP connection. Click the Add button to add a new connection.

Parameter: Value

General Settings
    Name: L2TP
    Policy: DefaultL2TP
    Action on VPN Restart: Respond Only


Authentication Details
    Authentication Type: Preshared Key
    Preshared Key: Configure password as required
    Confirm Preshared Key: Type the same password as in the above field

Local Network Details
    Local WAN Port: PortB 192.168.13.120

Remote Network Details
    Remote Host: *
        Specify the IP address of the remote peer/host. Specify * for any IP address.
    Allow NAT Traversal: Checked
    Remote LAN Network: Any
        Select the IP addresses and netmask of the remote network that is allowed to connect to the Cyberoam server through the VPN tunnel.

Quick Mode Selectors
    Local Port: 1701
    Remote Port: *

Click the OK button and the L2TP connection named L2TP will be added successfully.


Step 3 Activate the connection by clicking the red icon under the Active column. The connection will be activated successfully.

Step 4 Perform the steps described in the CLI Configuration section, then go to Step 5.

Step 5 Once the authentication mechanism is set in Cyberoam, you need to add the users to the L2TP configuration in Cyberoam. Go to the L2TP Configuration (as created in Step 1) and click the Add Members button to define users.

Select the Groups and Users to give L2TP VPN access.

Click the Apply button to add these users and user groups to the L2TP members list.


CLI Configuration

This configuration is to be done from the CLI Console (Telnet/SSH).

Step 1 Log in to the CLI Console, go to Option 4 Cyberoam Console and press Enter.

Step 2 Set the authentication mechanism for your client. To use MSCHAP v2 authentication for your clients, type the command:

    set vpn l2tp authentication MS_CHAPv2

Note: You can also set the authentication to CHAP or PAP or ANY depending on your requirement.
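To make the PAP versus CHAP choice concrete, the following added example (not part of the original Cyberoam document) builds what each protocol puts in the PPP frame, using plain CHAP per RFC 1994; MS-CHAP v2 follows the same challenge-response idea with a different hash construction that is not reproduced here. The user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials, not taken from the page.
USER = "l2tp-user"
PASSWORD = "constructed-passw0rd-1"


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): the password travels as-is."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_challenge() -> tuple[int, bytes]:
    """Server: choose an identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Client (RFC 1994): MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_verify(identifier: int, stored_secret: str,
                challenge: bytes, response: bytes) -> bool:
    """Server: recompute the response. This needs the secret itself,
    so the server must be able to recover the cleartext password."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("PAP frame contains password:",
          PASSWORD.encode() in pap_request(USER, PASSWORD))
    ident, chal = chap_challenge()
    resp = chap_response(ident, PASSWORD, chal)
    print("CHAP response contains password:", PASSWORD.encode() in resp)
    print("Server accepts response:", chap_verify(ident, PASSWORD, chal, resp))
    # A response recorded for one challenge is useless against the next one.
    _, new_chal = chap_challenge()
    print("Replayed response accepted:",
          chap_verify(ident, PASSWORD, new_chal, resp))
```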


Windows 7 Configuration

The following procedures outline how to configure a Windows 7 VPN client to access resources behind a Cyberoam Appliance that has been set up to accept L2TP connections.

Set up an L2TP connection on a Windows 7 client as follows:

Step 1 Go to Start > Control Panel > Network and Sharing Center and click Set up a new connection or network.


Step 2 Select Connect to a workplace and click Next.

Step 3 Select Use my Internet connection.


Step 4 In the Internet address field, type the WAN IP address of the Cyberoam and click Next.

Note: The WAN IP address should be the same as the one specified in the Local WAN Port field under Local Network Details in the L2TP Connection.


Step 5 A Windows dialer will open automatically. Specify a valid username and password and click Connect.

Step 6 A connection will be established. Go to Start > Control Panel > Network and Sharing Center and click Connect to a network to view the connection.


Step 7 Open the connection properties and configure the following settings on the client. In the General tab, select the IP address.


Step 8 In the Security tab, select Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec) as Type of VPN, select Data Encryption depending on your requirement, enable Microsoft CHAP Version 2 and click OK.

Step 9 Click Advanced Settings and enable Use preshared key for authentication. Specify the preshared key and click OK.

Click OK and connect the VPN.


Step 10 Specify a valid username and password and click Connect.

Note: To check the logs, log in to the CLI console, go to Option 4 Cyberoam Console and type the command:

    show vpn logs

These logs help in troubleshooting if the L2TP connection fails.

Document Version 1.0 23/06/2011