IOS 15 - has anyone got any VPN running?

[peter-h]

They have removed the old and reliable "always works" PPTP VPN option, and I can't find any 3rd party app for PPTP so presumably The Church of Apple has banned any such apps. I know the stuff about "lack of security" but actually there is no practical issue (unless the NSA is your enemy) if you research it rather than just read stuff online where each website copies BS from the others.

The VPN server is a Draytek 2960 router. Relatively new so the online appnotes (without which a Draytek VPN would never work) are obsolete.

The names of the options on the two ends don't quite match up... they are all a mixture of L2TP, IPSEC, L2TP/IPSEC, you name it. The Draytek appnotes are ancient, and their SmartVPN IOS app doesn't work (as some have reported) on latest IOS.

On the Ipad I see IKEV2, IPSEC, and L2TP. On the router I see (apart from PPTP) L2TP, SSL, OPENVPN, XAUTH.

I've got the Ipad working to a Softether VPN server (on a virtual server). Don't ask me how; I have two of those servers on two different virtual servers, one set up in 2014 and one in 2021, and only the older one works with the Ipad (and incidentally latest android) but both work with Windows, all versions

I checked I am not getting caught up with the old issue of trying to VPN to the same subnet as the client So, going out in 4G mobile connection.

Many thanks for any ideas.

[alexnoot]

As far as I know PPTP is obsolete and has been dropped by many for it's insecurities.

I use OpenVPN myself, it's running on my pFsense router (but could just as easily be set up on a separate/virtual server). No issues connecting to it on iOS 15.3, I use the OpenVPN app for adding the VPN profile and connecting to it, i've had no problems with this.

[voltsandjolts]

https://www.draytek.co.uk/products/business/vigor-2960   VPN Features:

DrayTek SSL VPN is simple to configure, providing a more secure alternative to the now obsolete Point to Point Tunneling Protocol (PPTP VPN); which has known weaknesses and is now considered to be insecure. Setup is similar to a PPTP VPN tunnel in that it authenticates with an SSL VPN Username and Password.

The new kid on the block is WireGuard and it's supported on some DrayTek units, don't know about 2960 specifically. IMHO that would be the best option if available to you.
https://www.draytek.com/support/knowledge-base/7661#!

[peter-h]

The 2960 supports only those listed above: https://www.draytek.co.uk/support/downloads/vigor-2960

I am sure there is a way to make this work but one needs a ready-cooked appnote, like Draytek used to do for all their routers. The chances of getting stuff like IPSEC site-site VPN running, without the appnotes, was minus absolute zero.

I wasn't intending to get into PPTP security but if you research it, you find it is actually fine for any civilian use. The terminator security is just down to guessing the login credentials, which anybody can do for any VPN if they are stupidly chosen, or whether there is a back door (a weakness in any VPN). A brute force attack is not feasible. The only real "insecurity" is if you are establishing the connection over a public network, say hotel wifi, where somebody is capturing the data. Then you have a keyspace of "only" 56 bits, but the internet is full of BS like this

The protocol itself is no longer secure, as cracking the initial MS-CHAPv2 authentication can be reduced to the difficulty of cracking a single DES 56-bit key, which with current computers can be brute-forced in a very short time (making a strong password largely irrelevant to the security of PPTP as the entire 56-bit keyspace can be searched within practical time constraints).

It takes only a minute on google that - outside of NSA-level hardware - you are into years. "practical time constraints" - yeah right... But nothing stops the "civil liberties / must have 100000 bit keys everywhere" crowd posting that PPTP is rubbish. Of course it also makes Apple look good - they must move with the fashion

This "DES is weak" stuff has been going around since the late 1970s when it came out. Back then, according to a source I had, the NSA bought some huge number (100k?) of the Zilog/AMD DES coprocessor chips. These ran at ~4MHz and with some clever preprocessing and postprocessing hardware (e.g. scanning the decrypt for a human language) you could crack DES in hours or less, with 100k chips. A fast PC in the 1990s would take 100+ years. Today, a few years. In the 1990s you could build a special machine using say 100k of the biggest Xilinx FPGAs and do it in minutes or less. I did such a design, on paper, just to see... All of DES could be done as a pipeline, no clocking, so just the propagation delay, say 50ns per key. Still, this is very, very, strong. If your enemy has this kind of kit, forget it all and live in a hut on the side of a mountain in Hillbilly country

I've set up countless VPNs and every time PPTP worked out of the box, and every time the other stuff didn't. SSL in particular was a joke, because you usually need an executable at the client end (active-x in the old days, and the browser had to be running the whole time you wanted the VPN).

[Cerebus]

It takes only a minute on google that - outside of NSA-level hardware - you are into years. "practical time constraints" - yeah right... But nothing stops the "civil liberties / must have 100000 bit keys everywhere" crowd posting that PPTP is rubbish. Of course it also makes Apple look good - they must move with the fashion

You need to improve your Google fu; in 2012 Moxie Marlinspike had a machine built from 48 Virtex-6 FPGAs that cost about $100k, that could brute force a DES key in 26 hours. One day is not years. You are out by a minimum factor of 674:1, we if generously assume by years plural you meant 2.

You can buy time on this machine. If you want a password for PPTP cracked it will cost you $20 if you can wait for the result, $200 if you want it ASAP. So one doesn't need to be a nation state to hack someone's PPTP VPN, you just need to have $20.

That technology was (1) ten years ago, (2) in private hands with a relatively small budget. Consider what has happened to the cost of raw FPGA power in ten years. The likes of the NSA will be cracking PPTP keys in milliseconds these days.

[peter-h]

This is still completely irrelevant for private use.

Remember that the attacker needs to be positioned to grab the data.

For fixed VPNs you use IPSEC, and it will be easier to break into the office at night

For VPNs when travelling or just out of the office (remote worker) the enemy has to climb up some pole, etc. or find out which hotel you are and connect to their wifi, etc.

None of this is realistic unless you really p1ssed off somebody big.

We are not posting the ciphertext on eevblog and offering $1000 to anyone who can crack it

Then remember that most of the time you will just be running some TLS session anyway, with no credentials in the open even if the stream was decoded. I guess one might be running RDP (remote desktop) which does pass the credentials in the open but then how often?

It doesn't stack up, when you consider all the compatibility issues of the "secure" VPNs.

[Halcyon]

This is still completely irrelevant for private use.

Remember that the attacker needs to be positioned to grab the data.

For fixed VPNs you use IPSEC, and it will be easier to break into the office at night

For VPNs when travelling or just out of the office (remote worker) the enemy has to climb up some pole, etc. or find out which hotel you are and connect to their wifi, etc.

None of this is realistic unless you really p1ssed off somebody big.

We are not posting the ciphertext on eevblog and offering $1000 to anyone who can crack it

Then remember that most of the time you will just be running some TLS session anyway, with no credentials in the open even if the stream was decoded. I guess one might be running RDP (remote desktop) which does pass the credentials in the open but then how often?

It doesn't stack up, when you consider all the compatibility issues of the "secure" VPNs.

I disagree.

Public WiFi in hotels, restaurants, cafes etc... are one such place where I want to be certain that my data (and in particular the set up/negotiation of the tunnel) itself is secure and not easily cracked. Ultimately you don't know who or what is capturing your traffic, particularly on connections which you didn't install or implement. You also have members of this forum who live in countries where internet connections may not be as private or secure as other countries.

You don't even have to be a high profile target or be doing anything sensitive to become a victim. Hackers/crackers/script kiddies often just do it for fun. With VPN technologies like OpenVPN or WireGuard, there is little reason to use the old, insecure methods, even if it's for your personal home connection.

[peter-h]

Sure... but (see above) who will be after your traffic, given the difficulty of cracking it. It is still much easier to break into your hotel room and steal your laptop, etc.

This is the problem with generalising. It's like HTTPs. Everybody wants it now, even on embedded products. But how do you prevent a fake DNS server set up on the LAN, and somebody installing a fake root cert on your box?

[voltsandjolts]

This thread exists because you insist on using deprecated technology, making life hard for yourself, and more for us.
Life is easier is you just go with the flow.

[peter-h]

If you read my post #1 you will see I am looking for solutions, and it doesn't have to be PPTP

I have spent perhaps a man-day "going with the flow" and trying different things with the available VPN options (which are all IPSEC based AFAICT) and none of them work with this Draytek router. This is how it always was. IPSEC is a hell to set up because there are so many options (you need an expert to do it, probably with a protocol analyser, and write up an appnote, and use the specific router brand and model). PPTP always worked right out of the box.

What I got instead is what is pretty normal on the internet: a digression into tangential "theoretical security" issues If somebody asks how to set up PPTP... Probably the right answer is:

- the current IOS does not support PPTP
- Apple have banned 3rd party PPTP clients from their app shop
- I haven't got a clue how to set up an Ipad to work with your router

[voltsandjolts]

OK, so what happened when you tried to use OpenVPN?

[peter-h]

From my OP:

On the Ipad I see IKEV2, IPSEC, and L2TP. On the router I see (apart from PPTP) L2TP, SSL, OPENVPN, XAUTH.

But just now I've found this: https://www.draytek.com/support/knowledge-base/5321 so might give it a try again. It mentions a 3rd party VPN app OpenVPN Connect. However, that appnote is 4 years old, which is an eternity in terms of IOS changes. I will try it and report.

[voltsandjolts]

Your OP did not specify the solution had to be a built-in iOS protocol. Your OP also stated you had looked for a 3rd party app, and if you are willing to use a 3rd party app "OpenVPN Connect" is an obvious option (which is available in the app store).

[peter-h]

Good news: OpenVPN works!

Quite strange though. The Ipad has two places for VPNs:

One is in Settings -> VPN and there I can slide the Status switch to the right, it shows Connected (immediately) but the router shows no connection. It shows the traffic volume clocking up but the traffic is actually going through the base connection

The other is in the OpenVPN app itself and there you have a similar switch, and that one actually does the VPN (takes a few seconds).

I think the first is just a global "VPN use" enable switch and on that the "Connected" status is just BS. The amusing thing about this is that it is really easy to think you are using a VPN but actually you are not. So better not use an Ipad for something dodgy I have VPNs set up only because a lot of hotel etc networks block certain ports e.g. port 25.

The IOS UI is a mess anyway.

Thank you all for the tips!

OpenVPN also works on android, even old (v5). But not on Windows 10 (connects fine but speed is ~1kbyte/sec, and yes I did lots of googling on why). Win10 is not too important because other VPNs work on that e.g. PPTP, L2TP.

[Halcyon]

Sure... but (see above) who will be after your traffic, given the difficulty of cracking it. It is still much easier to break into your hotel room and steal your laptop, etc.

Attackers aren't always after anything. Your data might actually be irrelevant. The list of motives extends to simply being a menace or people using you for "target practice".

https://www.shodan.io/search?query=PPTP

[Cerebus]

Sure... but (see above) who will be after your traffic, given the difficulty of cracking it. It is still much easier to break into your hotel room and steal your laptop, etc.

Attackers aren't always after anything. Your data might actually be irrelevant. The list of motives extends to simply being a menace or people using you for "target practice".

https://www.shodan.io/search?query=PPTP

I don't think people even begin to grasp the scale of malicious activity on the Internet nowadays. Today alone there have been 12832 SSH connection attempts that my home firewall has blocked and logged, 35 in the last minute alone. Thirty-four of those are from the same host in China (240e:f7:4f01:c:0:0:0:0:3) which is doing a pseudorandom walk of IPv6 address space which indicates a huge amount of bandwidth as there's no reason for my home network to be targeted, and other people are reporting probes from this address too which means that they must be hitting a huge swathe of address space at the same time. The amount of bandwidth necessary to do that suggests a well funded, probably nation-state hacking effort just randomly looking for vulnerable hosts.

That people are prepared to whack about the IPv6 address space at all is quite amazing. To even make it sane to do it means that someone has, on the balance of probabilities, had to start from using captured traffic from somewhere to even find a subnet to probe at all. I have a /48 allocated to me, which mean there are 2¹⁶ possible /64 subnets (each with potentially 2⁶⁴ valid host addresses) on my network alone, so finding one by chance that is in use is unlikely. Then for the subnet they have found they have to find a host, potentially one of 2⁶⁴ but they seem to just be pseudorandomly scanning the bottom 16 bits, still 2¹⁶ possibilities on a subnet that actually has a handful of hosts, and anyway has a firewall in front of it.

They are going to get nothing, but they know that is probably the case and are still prepared to try because eventually someone less careful than me will have left them a hole. If they're prepared to spend lots of money on a set of random non-targets with little probability of success, what are they going to spend on something that looks like it might just possibly be interesting? Now, in that context, does a VPN with a known vulnerability look like they might consider it 'interesting'?

One clearly doesn't have to appear to be a worthwhile target (I'm certainly not, and there's no reason to suppose that someone would think I was) to actually functionally be a target of this random style of hunting for something worth attacking.

 

[peter-h]

https://www.shodan.io/search?query=PPTP

AFAICT that is just somebody doing a port sniff of random IPs and locating the VPN terminators which are PPTP.

You could do the same for whichever type of IPSEC, etc. Same for using google to locate all the ethernet-connected AXIS webcams in peoples' houses

The only defence is implementing "knocking" which AIUI uses a sniff of a sequence of random ports to open up the real VPN terminator. I have not seen a router which implements this. I believe it is done using high-end firewalls where you can do the required timing.

Today alone there have been 12832 SSH connection attempts that my home firewall has blocked and logged, 35 in the last minute alone

Yes; this is completely normal I run a number of servers and all are hit all the time. Usually within minutes of the DNS being published.

But the attacker still needs a way in. It has to be either a guess of the username+pwd (btw, OpenVPN uses just those two, as standard) or a back door in the VPN-terminating router.

The above fully applies to PPTP. No known other way into a PPTP VPN terminator. The "DES equivalent" attack is only if somebody captures the login session, or presumably the data stream.

Actually it is similar for the old FTP, which everybody says is insecure and all that... You still need the login credentials, or a back door in the server. The big issue with FTP is that the credentials are transmitted in the clear; same as SMTP, POP etc.

I still can't see anything concrete supporting "PPTP=insecure" other than hysteria which somebody started years ago and everybody bought into it.

[Cerebus]

https://www.shodan.io/search?query=PPTP

AFAICT that is just somebody doing a port sniff of random IPs and locating the VPN terminators which are PPTP.

You could do the same for whichever type of IPSEC, etc. Same for using google to locate all the ethernet-connected AXIS webcams in peoples' houses

The only defence is implementing "knocking" which AIUI uses a sniff of a sequence of random ports to open up the real VPN terminator. I have not seen a router which implements this. I believe it is done using high-end firewalls where you can do the required timing.

Today alone there have been 12832 SSH connection attempts that my home firewall has blocked and logged, 35 in the last minute alone

Yes; this is completely normal I run a number of servers and all are hit all the time. Usually within minutes of the DNS being published.

But the attacker still needs a way in. It has to be either a guess of the username+pwd (btw, OpenVPN uses just those two, as standard) or a back door in the VPN-terminating router.

The above fully applies to PPTP. No known other way into a PPTP VPN terminator. The "DES equivalent" attack is only if somebody captures the login session, or presumably the data stream.

Actually it is similar for the old FTP, which everybody says is insecure and all that... You still need the login credentials, or a back door in the server. The big issue with FTP is that the credentials are transmitted in the clear; same as SMTP, POP etc.

Sigh. You just didn't understand the argument did you? It was about cost and threat models. If you do not understand costs and threat models you will never understand computer security.

Furthermore sticking your fingers in your ears and chanting "PPTP is still secure." when all the real experts, starting with Bruce Schneier and followed by all the luminaries of the computer security world, are saying "It's broken, don't use it." is just plain foolish.

I still can't see anything concrete supporting "PPTP=insecure" other than hysteria which somebody started years ago and everybody bought into it.

You clearly didn't look very hard: https://www.schneier.com/academic/pptp/

The takeaway from the above: "At this point we still do not recommend Microsoft PPTP for applications where security is a factor."

[peter-h]

The detail is always interesting...

And that is an old link.

These changes address most of the major security weaknesses of the orginal protocol. However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.

I have read Bruce Schneier too. He's a good writer. Perhaps a bit of a "popular science" writer. But when he talks about security he is talking from the perspective of military-level attacks. Today we don't regard DES as good enough for that. 3DES, nobody publicly knows if there is a fast attack (like is possible for DES with a purpose-built machine). AES256? Nobody publicly knows. But for working from home and sending emails to your customers?

[Cerebus]

And that is an old link.

It's a old vulnerability, still unfixed.

These changes address most of the major security weaknesses of the orginal protocol. However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.

Read carefully, that's talking about fixed vulnerabilities that were in V1 of PPTP, the analysis, and final conclusion, is of PPTP V2.

[peter-h]

However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.

[my bold]

What "security"? Military, casual-commercial, strong-commercial, private trivia, etc?

Here they talk about V2 weaknesses
https://www.schneier.com/news/archives/1999/07/windows-based_vpns_n.html

version 2 continues to rely upon password-based keys in its authentication and encryption mechanisms. Because most users tend to select very poor passwords, Schneier and Mudge assert that this leaves the system open to freely available dictionary-type password cracking software.

Well, sure, if using passwords which can be guessed with a dictionary attack, then this doesn't count, because you can just do a dictionary attack That's what the chinese do all day long. I can watch the console on a server and see the attempts.

[Cerebus]

However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.

[my bold]

What "security"? Military, casual-commercial, strong-commercial, private trivia, etc?

Ask Bruce, he wrote it. But my guess would be he meant "anything you're not prepared to write on a postcard".

Do what you want, use PPTP if you like, we don't care if you get hacked. But don't go around saying things like "I still can't see anything concrete supporting "PPTP=insecure" other than hysteria which somebody started years ago and everybody bought into it." when people like Bruce are saying "It's insecure". Bruce is a world-class security and cryptography expert, his submissions to NIST's searches for new cypher and hash algorithms made it into the sets of algorithms given serious consideration for standardisation. When someone of his caliber speaks, a wise man listens. I trust his sober judgement much more than anyone should trust your ill-informed opinion that "It's all hysteria" or your equally ill-informed passing Bruce off as "a "popular science" writer".

[peter-h]

Ask Bruce, he wrote it. But my guess would be he meant "anything you're not prepared to write on a postcard".

That is an extreme position. I remember Bruce from the old days of the EFF movement, mid to late 1990s. Everybody was laboriously putting their emails through PGP I think he still lives in those days.

There have been so many pushes to force through secure email etc and almost all have come to nothing. The last one I came across was some US company which happened to do some DOD business and insisted on using some encryption plug-in for MS Word. Encryption is easy, authentication isn't because the certificates are such a perpetual hassle, especially with recent moves to short-life certificates which need a cron task to fetch the new one, which works, until one day it doesn't, and you have to chuck money at an "IT man" who dives in and for a few hundred quid finds out why it broke yet again.

Nobody bothers anymore. Most of the internet is encrypted anyway, between routers. And the big routers have an NSA/GCHQ monitoring port, reportedly

~99% of internet crime is straight con-jobs, like emailing you your supplier's "new bank details". Minimal social engineering needed. Even a Nigerian can do it. A Chinese can do it in his sleep, and they do... In China, every time an employee leaves he steals the company's customer list and then you get an email from his new company. Buy some PCBs from JLCPCB and you will get half a dozen of these; job turnover in China is massive, and their gmail login security is zero.

I still want to see viable specific attacks on PPTP. How exactly would you hack a PPTP server, if the passwords aren't guessable and there is no back door in the code?

[Cerebus]

Most of the internet is encrypted anyway, between routers.

If you wanted to convince me that you really don't have a clue, that sentence was the way to do it. Encryption between most routers? Really? Name me one, one, tier 1 ISP that routinely encrypts traffic between most routers. You can't of course, because they don't, none of them. I should know because that was the business I was in for years, designing and implementing ISP networks and was involved in producing network management software for the core Internet network of one of the world's top ten telcos size-wise as recently as just over two years ago. The Internet's backbones run in the clear, there is no encryption involved (except possibly at the control plane).

[stevelup]

Apple removed PPTP on, I think, iOS 10, so about five years ago. You must have been using an ancient device until now!

If you have an 'always on' device somewhere on your network, I'd suggest using something like ZeroTier - it works perfectly. I've got hundreds of client devices on it and it's flawless.