
    I can't even

    Water Closet
    Tags: wtf, i cant even, that is not how that works
    • DustinB3403 @Obsolesce

      @tim_g said in I can't even:

      I wouldn't use any of those authentication protocols except MSCHAPv2... uncheck the rest of them.

      He is just showing the options on Fedora, as I'm trying to figure out a weird setting recommendation by Cisco to "require encryption" when using PAP and IPSEC.

      It's several posts above this. . . might be worth its own topic.

      • DustinB3403 @JaredBusch

        @jaredbusch said in I can't even:

        @DustinB3403 here is my home ERL.

        The part that is going over with Unencrypted PAP is testuser/Testing!123.
        But it is going over the Existing IPSEC tunnel that was set up with the PSK.

        jbusch@jared:~$ show configuration commands vpn | grep l2tp
        set vpn l2tp remote-access authentication local-users username testuser password 'Testing!123'
        set vpn l2tp remote-access authentication mode local
        set vpn l2tp remote-access client-ip-pool start 10.254.203.2
        set vpn l2tp remote-access client-ip-pool stop 10.254.203.10
        set vpn l2tp remote-access dhcp-interface eth0
        set vpn l2tp remote-access dns-servers server-1 8.8.8.8
        set vpn l2tp remote-access dns-servers server-2 8.8.4.4
        set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
        set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret NOTGONNATELLYOU
        set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
        set vpn l2tp remote-access mtu 1492
        

        So with regards to this bit: "The part that is going over with Unencrypted PAP is testuser/Testing!123." I wonder if requiring encryption is actually encrypting the username and password.

        But how, how does it work?

        • Obsolesce @DustinB3403

          @dustinb3403 said in I can't even:

          I wonder if requiring encryption is actually encrypting the username and password.

          The username/password being encrypted depends on the authentication method. If using PAP, they are sent in clear text, for example.

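What "sent in clear text" means at the PPP layer, as an added example that is not part of the original posts: it builds a PAP Authenticate-Request (RFC 1334) for the test account quoted above, reads the credentials back without any key, and compares it with a plain CHAP response (RFC 1994), which carries only an MD5 digest. In L2TP/IPsec these PPP frames travel inside the IPsec-protected session; the function names, the fixed challenge and the frames are constructed for illustration.

```python
import hashlib
import struct

PPP_PAP, PPP_CHAP = 0xC023, 0xC223  # PPP protocol numbers (RFC 1334, RFC 1994)


def _frame(proto, code, ident, body):
    # PPP protocol field, then code / identifier / length (length = 4-byte header + body)
    return struct.pack("!HBBH", proto, code, ident, 4 + len(body)) + body


def build_pap_request(ident, user, password):
    """PAP Authenticate-Request (code 1): length-prefixed peer-id and password, verbatim."""
    u, p = user.encode(), password.encode()
    return _frame(PPP_PAP, 1, ident, bytes([len(u)]) + u + bytes([len(p)]) + p)


def build_chap_response(ident, user, password, challenge):
    """CHAP Response (code 2): MD5(id || secret || challenge), then the name in clear."""
    digest = hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()
    return _frame(PPP_CHAP, 2, ident, bytes([len(digest)]) + digest + user.encode())


def parse_pap_request(frame):
    """Return (user, password) from a PAP Authenticate-Request; no key is needed."""
    if len(frame) < 8:
        raise ValueError("frame too short for PAP")
    proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
    if proto != PPP_PAP or code != 1 or length != len(frame) - 2:
        raise ValueError("not a well-formed PAP Authenticate-Request")
    body = frame[6:]
    ulen = body[0]
    if 1 + ulen >= len(body):
        raise ValueError("peer-id length overruns packet")
    plen = body[1 + ulen]
    if 2 + ulen + plen != len(body):
        raise ValueError("password length does not match packet length")
    return body[1:1 + ulen].decode(), body[2 + ulen:].decode()


def exposes_password(frame, password):
    """Audit helper: does the password appear verbatim in the PPP authentication frame?"""
    return password.encode() in frame


# Constructed sample: the test account from the configuration quoted in the thread.
USER, PASSWORD = "testuser", "Testing!123"
CHALLENGE = bytes(range(16))  # constructed fixed challenge so the output is repeatable

if __name__ == "__main__":
    pap = build_pap_request(1, USER, PASSWORD)
    chap = build_chap_response(1, USER, PASSWORD, CHALLENGE)
    print("PAP  frame:", pap.hex(), "->", parse_pap_request(pap))
    print("CHAP frame:", chap.hex())
    print("password visible in PAP:", exposes_password(pap, PASSWORD))
    print("password visible in CHAP:", exposes_password(chap, PASSWORD))
```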
          • DustinB3403 @Obsolesce

            @tim_g said in I can't even:

            @dustinb3403 said in I can't even:

            I wonder if requiring encryption is actually encrypting the username and password.

            The username/password being encrypted depends on the authentication method. If using PAP, they are sent in clear text, for example.

            That is my point of contention, Cisco recommends "requiring encryption" when using PAP, yet it doesn't matter.

            So why bother with a recommendation that clearly doesn't work? Is it just to provide the warm and fuzzies?

            • scottalanmiller @DustinB3403

              @dustinb3403 said in I can't even:

              So why bother with a recommendation that clearly doesn't work? Is it just to provide the warm and fuzzies?

              Reasonably likely.

              • DustinB3403 @scottalanmiller

                @scottalanmiller said in I can't even:

                @dustinb3403 said in I can't even:

                So why bother with a recommendation that clearly doesn't work? Is it just to provide the warm and fuzzies?

                Reasonably likely.

                Is that in any way reasonable to you as a professional?

                • scottalanmiller @DustinB3403

                  @dustinb3403 said in I can't even:

                  @scottalanmiller said in I can't even:

                  @dustinb3403 said in I can't even:

                  So why bother with a recommendation that clearly doesn't work? Is it just to provide the warm and fuzzies?

                  Reasonably likely.

                  Is that in any way reasonable to you as a professional?

                  No, but neither is choosing Cisco 😉

                  • DustinB3403 @scottalanmiller

                    @scottalanmiller said in I can't even:

                    @dustinb3403 said in I can't even:

                    @scottalanmiller said in I can't even:

                    @dustinb3403 said in I can't even:

                    So why bother with a recommendation that clearly doesn't work? Is it just to provide the warm and fuzzies?

                    Reasonably likely.

                    Is that in any way reasonable to you as a professional?

                    No, but neither is choosing Cisco 😉

                    Touché.

                    • scottalanmiller

                      That's mostly tongue in cheek, but only mostly.

                      • bigbear @scottalanmiller

                        @scottalanmiller said in I can't even:

                        That's mostly tongue in cheek, but only mostly.

                        Cisco wasn't his choice, nor Meraki...

                        I gotta get back to my desktop and read closer. I did see your point though originally. And is it only recommends to use PAP?

                        • bigbear @Obsolesce

                          @tim_g said in I can't even:

                          @dustinb3403 said in I can't even:

                          I wonder if requiring encryption is actually encrypting the username and password.

                          The username/password being encrypted depends on the authentication method. If using PAP, they are sent in clear text, for example.

                          Yeah he's got that. When you click on his link search the page for PAP and read the boxes comment. That's what we are mulling over.

                          • scottalanmiller @bigbear

                            @bigbear said in I can't even:

                            @scottalanmiller said in I can't even:

                            That's mostly tongue in cheek, but only mostly.

                            Cisco wasn't his choice, nor Meraki...

                            I gotta get back to my desktop and read closer. I did see your point though originally. And is it only recommends to use PAP?

                            Didn't say it was. But his question was was it good for Cisco to make that decision, but the real question is... why did someone choose Cisco if it didn't meet the needs?

                            • DustinB3403 @bigbear

                              @bigbear said in I can't even:

                              @scottalanmiller said in I can't even:

                              That's mostly tongue in cheek, but only mostly.

                              Cisco wasn't his choice, nor Meraki...

                              I gotta get back to my desktop and read closer. I did see your point though originally. And is it only recommends to use PAP?

                              The whole setup likely won't matter soon, the issue came up because I had to set up a large number of systems with VPN, and I didn't want to have to go and by hand configure every system.

                              So I wrote a PowerShell script to do it, based on the information I had in our documentation and that is where I found the weirdness with this "require encryption".

                              PS 4 flat out said "nope go pound sand, that isn't a valid option". I can manually make this change, yet I want to understand why I should bother?

                              I can connect with "minimal" or "require encryption" in either case. Does "require encryption" do something? (not that I can see).

                              • DustinB3403 @scottalanmiller

                                @scottalanmiller said in I can't even:

                                @bigbear said in I can't even:

                                @scottalanmiller said in I can't even:

                                That's mostly tongue in cheek, but only mostly.

                                Cisco wasn't his choice, nor Meraki...

                                I gotta get back to my desktop and read closer. I did see your point though originally. And is it only recommends to use PAP?

                                Didn't say it was. But his question was was it good for Cisco to make that decision, but the real question is... why did someone choose Cisco if it didn't meet the needs?

                                The real question is, why the hell is this the "configuration method" that is recommended by Cisco.

                                Not "why did someone choose Cisco if it doesn't meet the needs".

                                That is a derailment from the question I have, which is "wtf is this doing, if it is clearly wrong?!"

                                • bigbear @DustinB3403

                                  @dustinb3403 said in I can't even:

                                  @scottalanmiller said in I can't even:

                                  @bigbear said in I can't even:

                                  @scottalanmiller said in I can't even:

                                  That's mostly tongue in cheek, but only mostly.

                                  Cisco wasn't his choice, nor Meraki...

                                  I gotta get back to my desktop and read closer. I did see your point though originally. And is it only recommends to use PAP?

                                  Didn't say it was. But his question was was it good for Cisco to make that decision, but the real question is... why did someone choose Cisco if it didn't meet the needs?

                                  The real question is, why the hell is this the "configuration method" that is recommended by Cisco.

                                  Not "why did someone choose Cisco if it doesn't meet the needs".

                                  That is a derailment from the question I have, which is "wtf is this doing, if it is clearly wrong?!"

                                  I'm sure there's some context ties to an old support ticket where someone said something Meraki recommended wasn't secure and then some engineer updated the article, etc.

                                  • scottalanmiller

                                    https://community.spiceworks.com/topic/2085058-is-windows-10-iot-os-secured-enough-to-be-deployed-in-your-organisation

                                    Crazy people with emotional reactions to the name IoT when no IoT exists, and people fearing Windows 10 compared to 7. WTF people?

                                    • dave247 @scottalanmiller

                                      @scottalanmiller said in I can't even:

                                      https://community.spiceworks.com/topic/2085058-is-windows-10-iot-os-secured-enough-to-be-deployed-in-your-organisation

                                      when no IoT exists, and people fearing Windows 10 compared to 7. WTF people?

                                      What does IoT even mean in this case? I've always been unclear on it..

                                      • scottalanmiller @dave247

                                        @dave247 said in I can't even:

                                        @scottalanmiller said in I can't even:

                                        https://community.spiceworks.com/topic/2085058-is-windows-10-iot-os-secured-enough-to-be-deployed-in-your-organisation

                                        when no IoT exists, and people fearing Windows 10 compared to 7. WTF people?

                                        What does IoT even mean in this case? I've always been unclear on it..

                                        IoT is the name of the OS version. There is no IoT involved in his use case.

                                        • scottalanmiller @dave247

                                          @dave247 said in I can't even:

                                          What does IoT even mean in this case? I've always been unclear on it..

                                          IoT is not a real term, it doesn't mean anything specific. It's a loose reference to devices that you'd not expect to be computing devices that are networked, but are. POS doesn't fall into that category. Your toaster, microwave, or fridge would. A sensor in your attic might. Thermostats really can't be considered this any longer, they are full computing devices and expected to be so, now. So they've left IoT, IMHO.

                                          IoT is a useless term based around the cluelessness or expectations of the observer. It is always subjective and can't be used in any technical context.

                                          • dave247 @scottalanmiller

                                            @scottalanmiller said in I can't even:

                                            @dave247 said in I can't even:

                                            What does IoT even mean in this case? I've always been unclear on it..

                                            IoT is not a real term, it doesn't mean anything specific. It's a loose reference to devices that you'd not expect to be computing devices that are networked, but are. POS doesn't fall into that category. Your toaster, microwave, or fridge would. A sensor in your attic might. Thermostats really can't be considered this any longer, they are full computing devices and expected to be so, now. So they've left IoT, IMHO.

                                            IoT is a useless term based around the cluelessness or expectations of the observer. It is always subjective and can't be used in any technical context.

                                            Lmao, I love it. I always thought it seemed like an odd/vague term.
