The Adtran community holiday season is starting next week! The holiday period will span from December 21, 2024 to January 6, 2025. During this time, responses to feedback form submissions may be delayed. If you are encountering product issues, you can reach out to Adtran support at any time.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kmacleod
New Contributor

Adtran VPN client Authentication and newly discovered issues with MSCAPv2 authentication

Jump to solution


I received this morning an article about MSCHAPv2's vulnerability to being hacked in regards to VPN traffic.

http://www.cso.com.au/article/432039/tools_released_defcon_can_crack_widely_used_pptp_encryption_und...

I currently use the Shrewsoft VPN client to connect remotely to our Adtran 4430. From the 4430, I authenticate using MSCHAPv2 to a Win 2K3 Internet Authentication Server (Or NPS VPN Remote VPN Authentication in Win server 2008).

With this article exposing the MSCHAPv2 issues, how can I configure the 4430 to authenticate  to my Windows IAS/NPS server using EAP?

Best Regards,

Ken Macleod

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Adtran VPN client Authentication and newly discovered issues with MSCAPv2 authentication

Jump to solution

Ken:

Thank you for asking this question in the support community.  There should be no configuration changes that will need to be made on the ADTRAN unit, because the configuration changes you mentioned will need to be performed on the RADIUS server.  The document Configuring Microsoft IAS for RADIUS Authentication with AOS will help you setup the RADIUS server for EAP.

For additional reference the RADIUS Authentication for VPN Clients in AOS can be used to force the remote VPN clients to authenticate (which is sounds like you already have setup).

Please, do not hesitate to reply to this post with any additional information or questions.  I will be happy to help in any way I can.

Levi

View solution in original post

0 Kudos
3 Replies
Anonymous
Not applicable

Re: Adtran VPN client Authentication and newly discovered issues with MSCAPv2 authentication

Jump to solution

Ken:

Thank you for asking this question in the support community.  There should be no configuration changes that will need to be made on the ADTRAN unit, because the configuration changes you mentioned will need to be performed on the RADIUS server.  The document Configuring Microsoft IAS for RADIUS Authentication with AOS will help you setup the RADIUS server for EAP.

For additional reference the RADIUS Authentication for VPN Clients in AOS can be used to force the remote VPN clients to authenticate (which is sounds like you already have setup).

Please, do not hesitate to reply to this post with any additional information or questions.  I will be happy to help in any way I can.

Levi

0 Kudos
Anonymous
Not applicable

Re: Adtran VPN client Authentication and newly discovered issues with MSCAPv2 authentication

Jump to solution

:

I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Levi

Anonymous
Not applicable

Re: Adtran VPN client Authentication and newly discovered issues with MSCAPv2 authentication

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor