Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security vpn l2tp remote-access ipsec-settings authentication mode <mode>

Sets the IPsec authentication mode to be used for IPsec authentication on remote access L2TP VPN connections.

set security vpn l2tp remote-access ipsec-settings authentication mode mode
delete security vpn l2tp remote-access ipsec-settings authentication mode
show security vpn l2tp remote-access ipsec-settings authentication mode

Pre-shared secret.

mode
Specifies the authentication mode to be used for IPsec authentication on L2TP VPN remote access connections. Supported values are as follows:

pre-shared-secret: Uses a pre-shared secret for authentication.

x509: Uses X.509 v.3 certificates for authentication.

Configuration mode

security {
   vpn {
      l2tp {
         remote-access {
            ipsec-settings {
               authentication {
                  mode mode
               }
            }
         }
      }
   }
}

Use this command to set the authentication mode to be used for IPsec authentication on remote access L2TP VPN connections.

A pre-shared secret, or pre-shared key (PSK), is a method of authentication. The secret, or key, is a string agreed upon beforehand by both parties as the key for authenticating the session. It is used to generate a hash such that each VPN endpoint can authenticate the other.

If the authentication mode is pre-shared-secret, you must configure the secret using the security vpn l2tp remote-access ipsec-settings authentication pre-shared-secret secret command.

The pre-shared secret is not passed from side to side. It is configured on both sides, and must match on both sides. Pre-shared secrets are less secure than X.509 certificates.

Note: You should restrict the use of pre-shared keys to smaller, low-risk environments.

X.509 v.3 certificates are certificates conforming to the ITU-T X.509 version 3 standard for public key infrastructure (PKI). The certificate is issued by a Certificate Authority (CA), and stored securely on the local Vyatta router.

If the mode is X.509 certificates, you must configure all X.509 certificate information.

Use the set form of this command to specify the authentication mode for remote access L2TP VPN.

Use the delete form of this command to remove authentication mode configuration.

Use the show form of this command to display authentication mode configuration.
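The following added example (not part of the Vyatta NOS documentation) audits configuration text in the brace format of the configuration statement above: it reports the effective authentication mode, applying the pre-shared-secret default when no mode is set, and flags a mode whose required settings are missing. The function names and the `x509` sub-node name are assumptions made for this example.

```python
AUTH_PATH = ("security", "vpn", "l2tp", "remote-access",
             "ipsec-settings", "authentication")

def parse_config(text):
    """Parse brace-style config text into nested dicts; leaves map key -> value."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return stack[0]

def audit_l2tp_auth(text):
    """Return (effective_mode, findings) for L2TP remote-access IPsec authentication."""
    node = parse_config(text)
    for name in AUTH_PATH:
        if name == "remote-access" and name not in node:
            return None, []  # L2TP remote access is not configured at all
        node = node.get(name, {})
    mode = node.get("mode", "pre-shared-secret")  # documented default mode
    findings = []
    if mode == "pre-shared-secret":
        findings.append("PSK mode in effect: less secure than X.509 certificates")
        if not node.get("pre-shared-secret"):
            findings.append("PSK mode but no pre-shared-secret is configured")
    elif mode == "x509":
        # Assumption: certificate settings sit under an 'x509' node.
        if not node.get("x509"):
            findings.append("x509 mode but no X.509 certificate information")
    else:
        findings.append("unsupported authentication mode: " + mode)
    return mode, findings

# Constructed sample: remote access configured, mode left at its default.
SAMPLE = "\n".join(["security {", "vpn {", "l2tp {", "remote-access {",
                    "ipsec-settings {", "}", "}", "}", "}", "}"])
if __name__ == "__main__":
    print(audit_l2tp_auth(SAMPLE))
```
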