DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPSEC VPN that is NOT SHA-1

27 Mar 2018 15:27 #1 by tch@iqx.co.uk
IPSEC VPN that is NOT SHA-1 was created by tch@iqx.co.uk
I have tried everything I can think of without success, so I've come to those that know.

We have a couple of 2925n+ routers with a LAN-LAN VPN that is working well. After getting to 3.8.7 we were able to create a site to site dial up that uses AES-SHA256 without issue.

Then we wanted to improve the encryption for the Client VPN dial-in. While getting the AES element is not a problem, getting the system to support SHA256 seems to be beyond me.

The clients are a combination of Windows 8.1 and 10, and every time I look at the connection manager I see AES-SHA1.

Does anyone have the steps involved to create a secure client to site VPN, or is it time to replace these routers with something that might have some security?

Thanks

Tim

28 Mar 2018 09:41 #2 by tch@iqx.co.uk
Replied by tch@iqx.co.uk on topic Re: IPSEC VPN that is NOT SHA-1
I don't believe that this is true, as the SHA256 should be set on the router, but support has said the following and, if true, there is a major problem that every Draytek has with their VPNs:

"Our Smart client software does not support SHA256, the next best solution would be to use another 3rd party software that supports this encryption."

If support is coming out with lines like this, is there someone who should know?

Thanks

Tim

28 Mar 2018 11:46 #3 by tch@iqx.co.uk
Replied by tch@iqx.co.uk on topic Re: IPSEC VPN that is NOT SHA-1
I was contacted by Louis from Draytek from where I made a documentation suggestion and that has produced a line of investigation that has borne fruit!

The suggestion was to modify the connecting workstation and set:
Windows firewall with advanced security --> (right panel) Properties --> IPsec Settings --> Customize IPsec defaults --> Key Exchange (advanced)

You can set defaults etc.; however, this was NOT successful in changing the connection from AES-SHA1.

We then took this a stage further and used PowerShell to modify the connection as per
https://docs.microsoft.com/en-gb/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps

The connection we used was

Set-VpnConnectionIPsecConfiguration -ConnectionName "Office" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force

The element that is critical is the -AuthenticationTransformConstants SHA256128, and we haven't played with the other available options to date.

This gives a client connection that is at least AES-SHA256 and therefore provides a small challenge to decrypt rather than none at all.

I hope that someone finds this useful.

Thanks

Tim
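
An added example, not part of the original posts: a PowerShell audit that flags VPN profiles still able to fall back to SHA-1, based on the two integrity settings in the command above. The function name Test-VpnIntegrity, the sample objects and the profile names other than "Office" are constructed; it assumes Get-VpnConnection leaves IPSecCustomPolicy empty when no custom policy has been set.

```powershell
# Added example: audit VPN profiles for the SHA-1 fallback discussed in this thread.
# Test-VpnIntegrity is a hypothetical helper name, not a built-in cmdlet.
function Test-VpnIntegrity {
    [CmdletBinding()]
    param(
        # Object shaped like Get-VpnConnection output (Name, IPSecCustomPolicy)
        [Parameter(Mandatory, ValueFromPipeline)]
        $Connection
    )
    process {
        $policy = $Connection.IPSecCustomPolicy
        if ($null -eq $policy) {
            # Assumption: no custom policy means Windows offers its default
            # proposals, the state in which the thread reports AES-SHA1.
            $esp = '(default)'; $ike = '(default)'; $ok = $false
            $note = 'No custom IPsec policy set'
        } else {
            # -AuthenticationTransformConstants = ESP integrity,
            # -IntegrityCheckMethod = IKE integrity
            $esp  = [string]$policy.AuthenticationTransformConstants
            $ike  = [string]$policy.IntegrityCheckMethod
            $weak = @()
            if ($esp -in 'SHA196', 'MD596') { $weak += "ESP integrity $esp" }
            if ($ike -in 'SHA1', 'MD5')     { $weak += "IKE integrity $ike" }
            $ok   = ($weak.Count -eq 0)
            $note = if ($ok) { 'No SHA-1/MD5 selected' } else { $weak -join '; ' }
        }
        [pscustomobject]@{
            Name = $Connection.Name; EspIntegrity = $esp
            IkeIntegrity = $ike; Compliant = $ok; Note = $note
        }
    }
}

# Constructed sample objects so the check runs without any VPN profile present.
$sample = @(
    [pscustomobject]@{ Name = 'Office'; IPSecCustomPolicy = [pscustomobject]@{
        AuthenticationTransformConstants = 'SHA256128'; IntegrityCheckMethod = 'SHA256' } },
    [pscustomobject]@{ Name = 'Branch-sample'; IPSecCustomPolicy = [pscustomobject]@{
        AuthenticationTransformConstants = 'SHA196'; IntegrityCheckMethod = 'SHA256' } },
    [pscustomobject]@{ Name = 'Untouched-sample'; IPSecCustomPolicy = $null }
)
$sample | Test-VpnIntegrity | Format-Table -AutoSize

# On a real workstation, audit the actual profiles instead:
#   Get-VpnConnection | Test-VpnIntegrity
```

Only the first sample profile reports Compliant = True; the second keeps SHA-1 for ESP integrity and the third has no custom policy at all.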

29 Mar 2018 16:08 #4 by macavity
Replied by macavity on topic Re: IPSEC VPN that is NOT SHA-1

tch@iqx.co.uk wrote: I hope that someone finds this useful.

Thanks

Tim


Thanks. That's great, I'm sure people will.


tch@iqx.co.uk wrote:
This gives a client connection that is at least AES-SHA256 and therefore provides a small challenge to decrypt rather than none at all.



Why does SHA1 provide no challenge at all? If you're referring to collisions, my understanding is that IKE / ESP mode is designed to mitigate against collision attacks, so SHA1 is acceptable for use, whereas the same advice wouldn't apply to a SHA1 signed certificate.

It is recommended to use SHA-256, but it's still acceptable to use SHA-1; there are some client operating systems around that don't support SHA-256.

https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data

We are aware that some currently fielded devices are unable to perform SHA-256-128 for the ESP integrity algorithm. In accordance with wider recommendations on the use of SHA-1, it is acceptable to continue to use HMAC-SHA-1 as the ESP integrity algorithm at this time.
