Project

General

Profile

Actions
Copy link

Todo #13324

closed

Remove Deprecated IPSec Remote Access VPN Guides

Added by Kris Phillips over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
VPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Several Configuration Recipes are often find by customers that are no longer recommended. While these guides had usefulness at one point, none of these should ever be implemented in this day and age (L2TP, for example, is highly insecure).

Since customers often stumble on these via Google searches and completely ignore the warning banner about not using them, I would say we should remove them entirely.

Examples include, in order of importance:
https://docs.netgate.com/pfsense/en/latest/recipes/l2tp-ipsec.html - This one is VERY frequently what people "try" to use, regardless of the banner
https://docs.netgate.com/pfsense/en/latest/recipes/l2tp-ipsec-android.html - related to above, so should go since it's tied together
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev1-psk.html - Not aware of any clients that still support this. iOS has completely removed this functionality.
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev1-xauth.html

Actions
Copy link
 #1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Rejected

L2TP is not insecure (it's protected by IPsec) it's just not well supported by clients.

They are all still valid just uncommon compared to more modern solutions. Some people (especially in other countries) are stuck with older clients that don't support IKEv2.

I don't think we should remove them yet.

Actions
Copy link

Also available in: Atom PDF