PSK issue

[XbNz]

I'll be using the VPN on my router and it doesn't support PSK, is there any way to turn it off completely? I tried looking in the config files and found some relevant lines, commented stuff out, changed some values but to no avail, I need it to connect without PSK involved. Any suggestions?

[Meowzz95]

Without PSK, there is no encryption at all so the author decided not to allow it.

[XbNz]

Is there no way doing this at all? For some reason, PPTP slows down my internet to 2/2 Mbps, but I get full speed with L2TP, so I prefer to use L2TP. Sadly my router doesn't support PSK, do you know of any settings that can be changed to completely remove IPSEC?

[Meowzz95]

I'm not a pro at it, but I guess you should look into this direction

• Find out what the author is using to set up the VPN server
• Read the doc of the thing and find out the option to disable PSK
• Modify the setting to achieve what you want.

[XbNz]

That's what I was thinking. I'll have to comb through the shell file and remove the IPSEC portions. Hopefully that does the trick. Meanwhile, maybe he'll see this thread and respond with something concrete.

Thanks for the help anyway

[Meowzz95]

@XbNz you’re welcome. May I know what router are you using? Maybe you should think the other way round, instead of disabling the PSK, try make your router connect with PSK. I guess a third party firmware should do the trick. And the reason why I come across this repo should be similar to yours, my router also doesn’t provide the option to use PSK, I’m trying to flash in a more powerful firmware. 🤣

[XbNz]

ASUS Merlin, it's actually FANTASTIC software in every other aspect. The OpenVPN customization are very extensive, but my router CPU isn't strong enough to support my full bandwidth with the CPU-intensive encryption of OpenVPN, so I had to resort to L2TP. Really weird that it doesn't support PSK.

[hwdsl2]

Thanks @Meowzz95!

@XbNz As mentioned in earlier issues, L2TP without IPsec is totally insecure (no encryption) and therefore not supported in the VPN setup scripts. Some routers have this mode but it is mainly intended for connecting to special ISPs such as some in Russia, and not for VPN use. On the other hand, only select high-end routers support IPsec/L2TP VPNs.

[XbNz]

Thanks @Meowzz95!

@XbNz As mentioned in earlier issues, L2TP without IPsec is totally insecure (no encryption) and therefore not supported in the VPN setup scripts. Some routers have this mode but it is mainly intended for connecting to special ISPs such as some in Russia, and not for VPN use. On the other hand, only select high-end routers support IPsec/L2TP VPNs.

Thanks for the reply. Actually, the Russian example that you used is sort of applicable to myself. My ISP does not have good routing which leads to high RTT to most servers, so my solution is to connect to a VPN to improve my routing and then connect to another VPN on my computer. So I'm basically doing double VPN (router L2TP + PC/phone OpenVPN). So in terms of security, I'm 100% safe. I understand that you do not have an auto-script for L2TP without IPSEC, but would you be able to guide me through manually disabling IPSEC? I've searched for hours online and most tutorials are very sloppy and don't do a good job explaining. Many VPN providers such as ExpressVPN and PrivateVPN allow L2TP without IPSEC, specifically to support routers like mine.

[letoams]

On Fri, 14 Jun 2019, Natachi wrote:

Thanks for the reply. Actually, the Russian example that you used is sort of applicable to myself. My ISP does not have good routing which leads to high RTT to most servers, so my solution is to connect to a VPN to improve my routing and then connect to another VPN on my computer. So I'm basically doing double VPN (router L2TP + PC/phone OpenVPN). So in terms of security, I'm 100% safe. I understand that you do not have an auto-script for L2TP without IPSEC, but would you be able to guide me through manually disabling IPSEC? I've searched for hours online and most tutorials are very sloppy and don't do a good job explaining. Many VPN providers such as ExpressVPN and PrivateVPN allow L2TP without IPSEC, specifically to support routers like mine.

Ony russian ISP's seem to use L2TP without IPsec. To disable IPsec, you just do not start libreswan/strongswan, and you might have to open the firewall directly for UDP 1701 traffic which is the L2TP port.

Paul

[XbNz]

On Fri, 14 Jun 2019, Natachi wrote: Thanks for the reply. Actually, the Russian example that you used is sort of applicable to myself. My ISP does not have good routing which leads to high RTT to most servers, so my solution is to connect to a VPN to improve my routing and then connect to another VPN on my computer. So I'm basically doing double VPN (router L2TP + PC/phone OpenVPN). So in terms of security, I'm 100% safe. I understand that you do not have an auto-script for L2TP without IPSEC, but would you be able to guide me through manually disabling IPSEC? I've searched for hours online and most tutorials are very sloppy and don't do a good job explaining. Many VPN providers such as ExpressVPN and PrivateVPN allow L2TP without IPSEC, specifically to support routers like mine. Ony russian ISP's seem to use L2TP without IPsec. To disable IPsec, you just do not start libreswan/strongswan, and you might have to open the firewall directly for UDP 1701 traffic which is the L2TP port. Paul

Oh, so I just leave the /etc/xl2tpd/xl2tpd.conf file? No changes needed there? I also did completely disable UFW for testing purposes just to see if it lets me in without a PSK, didn't work though. I'll try installing xl2tpd standalone on a fresh OS install, maybe the residual settings from strongswan or libreswan are refusing connection.