SSTP VPN Features and advantages

SSTP (Secure Socket Tunneling Protocol) is a VPN protocol developed by Microsoft (the specification is published as MS-SSTP) that transports PPP traffic through a TLS channel (SSL in older terminology). TLS supplies the transport-level security: encryption, key negotiation and integrity checking of the traffic. Because the channel runs over TCP port 443, the same port as HTTPS, SSTP passes through virtually all firewalls and proxy servers; the documented exception is web proxies that demand their own authentication, which the SSTP client cannot satisfy.
SSTP is generally considered one of the more secure VPN protocols, its strength being that of the TLS configuration underneath it, although it does not have the open-source, independently audited code base of OpenVPN. It is native to Windows (Vista SP1 and later) but not Windows-only: open-source implementations such as sstp-client and SoftEther also speak it.

How does SSTP VPN work?

The client first needs ordinary internet access; it then opens a TCP connection to the server on port 443 and performs a TLS handshake. Authentication at this stage is of the server only: the client validates the server's certificate against its trusted roots and the expected name, and if the certificate is invalid the connection is torn down before any tunnel traffic is sent. Over the established TLS channel the client sends an HTTPS request (SSTP_DUPLEX_POST) followed by SSTP control packets that set up the call. PPP negotiation then runs inside the tunnel: this is where the user is authenticated (for example with MS-CHAPv2 or EAP) and where IPCP assigns IP addresses to both ends. SSTP also carries a crypto-binding attribute that ties the PPP authentication to the outer TLS session, so an intermediary that terminated TLS could not silently relay the inner authentication. After that both sides exchange IP traffic as PPP frames carried in SSTP data packets inside the TLS stream.
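To make the exchange above concrete, here is an added example in Python (not Microsoft's or any VPN client's code) that performs the steps a client takes once it has internet access: open a TLS channel to port 443 with strict certificate validation, send the SSTP_DUPLEX_POST request, frame the first control packet (Call Connect Request announcing PPP), and parse packets coming back. The field layout and constants follow MS-SSTP section 2.2 as read by the author and should be treated as assumptions to confirm against the specification; the host name is a placeholder.

```python
"""Frame the first messages an SSTP client sends once its TLS session to
port 443 is up. Added example for this article; it is not Microsoft's or
any VPN client's code. Field layout and constants follow MS-SSTP section
2.2 as read by the author and are assumptions to confirm against the
specification; the host name is a placeholder."""
import socket
import ssl
import struct
from typing import Dict, List, Tuple

SSTP_PORT = 443
SSTP_VERSION = 0x10                                          # one byte: major 1, minor 0
SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"   # fixed URI from MS-SSTP

MSG_CALL_CONNECT_REQUEST = 0x0001
MSG_CALL_CONNECT_ACK = 0x0002
MSG_CALL_CONNECTED = 0x0004
ATTR_ENCAPSULATED_PROTOCOL_ID = 0x01
ENCAP_PROTO_PPP = 0x0001


def open_tls_channel(host: str, port: int = SSTP_PORT) -> ssl.SSLSocket:
    """Step 1: TLS with full chain and hostname validation. A bad or
    mismatched server certificate raises ssl.SSLCertVerificationError here,
    before any SSTP byte is sent, which is the disconnect the text describes."""
    ctx = ssl.create_default_context()                       # verifies chain + hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


def build_duplex_post(host: str) -> bytes:
    """Step 2: the HTTPS request that turns the TLS stream into an SSTP tunnel.
    The huge Content-Length is the spec's way of declaring an open-ended body."""
    return (f"SSTP_DUPLEX_POST {SSTP_URI} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Content-Length: 18446744073709551615\r\n\r\n").encode("ascii")


def _attribute(attr_id: int, value: bytes) -> bytes:
    # Reserved(8) | AttributeID(8) | Reserved(4)+Length(12) | value
    return struct.pack("!BBH", 0, attr_id, (4 + len(value)) & 0x0FFF) + value


def build_control_packet(msg_type: int, attrs: List[Tuple[int, bytes]]) -> bytes:
    """Step 3: SSTP control packet. Header is Version(8) | Reserved(7)+C(1) |
    Reserved(4)+Length(12); C=1 marks a control packet, length covers everything."""
    body = struct.pack("!HH", msg_type, len(attrs)) + b"".join(_attribute(i, v) for i, v in attrs)
    return struct.pack("!BBH", SSTP_VERSION, 0x01, (4 + len(body)) & 0x0FFF) + body


def build_call_connect_request() -> bytes:
    """The first control message: announce that PPP will be encapsulated."""
    return build_control_packet(MSG_CALL_CONNECT_REQUEST,
                                [(ATTR_ENCAPSULATED_PROTOCOL_ID, struct.pack("!H", ENCAP_PROTO_PPP))])


def build_data_packet(ppp_frame: bytes) -> bytes:
    """Step 4 onward: PPP frames ride in data packets (C=0) with the same 4-byte header."""
    return struct.pack("!BBH", SSTP_VERSION, 0x00, (4 + len(ppp_frame)) & 0x0FFF) + ppp_frame


def parse_sstp_packet(buf: bytes) -> Dict:
    """Decode one SSTP packet, rejecting anything malformed rather than guessing."""
    if len(buf) < 4:
        raise ValueError("short SSTP header")
    version, flags, length_field = struct.unpack("!BBH", buf[:4])
    if version != SSTP_VERSION:
        raise ValueError(f"unsupported SSTP version 0x{version:02x}")
    length = length_field & 0x0FFF
    if length != len(buf):
        raise ValueError("length field disagrees with packet size")
    pkt: Dict = {"control": bool(flags & 0x01), "length": length}
    if not pkt["control"]:
        pkt["ppp"] = buf[4:]
        return pkt
    if length < 8:
        raise ValueError("control packet too short")
    pkt["msg_type"], num_attrs = struct.unpack("!HH", buf[4:8])
    attrs, off = [], 8
    for _ in range(num_attrs):
        if off + 4 > length:
            raise ValueError("truncated attribute header")
        _, attr_id, alen = struct.unpack("!BBH", buf[off:off + 4])
        alen &= 0x0FFF
        if alen < 4 or off + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((attr_id, buf[off + 4:off + alen]))
        off += alen
    pkt["attributes"] = attrs
    return pkt
```

A real client would call open_tls_channel, write build_duplex_post and build_call_connect_request into the socket, wait for a Call Connect Ack and then start PPP; the packet builders and parser run offline, which is what makes the framing easy to check against a capture.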

Features and advantages of SSTP

SSTP has the following characteristics, which you should weigh before choosing it:
  • It runs over TCP port 443, the HTTPS port.
  • Like OpenVPN in TCP mode, it therefore traverses NAT devices and restrictive firewalls that allow outbound HTTPS.
  • It relies on TLS for transport security rather than on IPsec.
  • Server authentication uses an X.509 certificate; 2048-bit RSA keys are the usual minimum today.
  • It passes most firewalls and proxies, the exception being proxies that demand their own authentication.
  • It is supported by the open-source SoftEther VPN server and by open-source clients such as sstp-client.
  • Its encryption strength is that of the negotiated TLS cipher suite: with a modern server configuration that means AES, and with an ECDHE key exchange it also provides forward secrecy. Neither is guaranteed by SSTP itself, so check the server's TLS settings.
  • It is built into Windows from Vista SP1 onward, including Windows 7, 8, 10 and 11.


On the other hand, SSTP is controlled by Microsoft and has no native client on macOS, iOS or Android; on those platforms, and on Linux, you depend on third-party software, so support is much thinner than for OpenVPN or IPsec.

PPTP vs OpenVPN | Difference between OpenVPN and PPTP


This article describes the differences between OpenVPN and PPTP. The main points are compared side by side below.

Protocol
  PPTP: Point-to-Point Tunneling Protocol is an old protocol valued for being fast and easy to set up. It is only a fallback for a device that cannot run OpenVPN or another modern protocol.
  OpenVPN: fast, secure and reliable, built on the open-source OpenSSL library with TLS for its control channel. It is the recommended protocol on Windows, Linux and Mac. It can be slightly slower than PPTP because encryption and TLS add overhead.

Encryption strength
  PPTP: MPPE with RC4 session keys of at most 128 bits. The MS-CHAPv2 authentication it depends on is broken, so the 128-bit key offers little real protection.
  OpenVPN: session keys of up to 256 bits, negotiated per session; AES-256 (preferably in GCM mode) gives exceptional data security.

Ports
  PPTP: TCP port 1723 for the control connection plus GRE (IP protocol 47) for the tunnelled data; both must be allowed, and GRE does not pass NAT well.
  OpenVPN: configurable on TCP or UDP and any port. The default is UDP 1194; it is often run on TCP 443 so that it looks like HTTPS traffic.

Stability
  PPTP: very stable and accepted by most Wi-Fi hotspots.
  OpenVPN: the most stable and reliable, even on unreliable networks, behind wireless routers and on Wi-Fi hotspots.

Encryption implementation
  PPTP: data encryption is done with Microsoft Point-to-Point Encryption (MPPE).
  OpenVPN: data encryption is done with the OpenSSL library.

Supported operating systems
  PPTP: Windows, Mac and Android have shipped built-in clients, but Apple removed PPTP from macOS Sierra (10.12) and iOS 10.
  OpenVPN: Windows, Mac and Android (also Linux and iOS) through the OpenVPN client.

Security
  PPTP: less secure, with basic and broken cryptography.
  OpenVPN: the most secure, provided it is set to use AES encryption rather than the weaker Blowfish (BF-CBC) cipher.

Speed
  PPTP: fast because of its lightweight encryption.
  OpenVPN: also a top-performing protocol, with fast speeds even on high-latency connections and over long distances.

Maturity
  PPTP: old and vulnerable; although it is integrated into common operating systems and easy to set up, it is better to stay away from it.
  OpenVPN: newer and secure, although you will need to install a third-party app.

Open source
  PPTP: not open-source software.
  OpenVPN: open-source software.

Client software
  PPTP: no additional software is required.
  OpenVPN: typically requires downloading an extra client.

PPTP drawbacks:
·         Rampant, well-documented security flaws (MS-CHAPv2 can be cracked and MPPE/RC4 is weak)
·         Should not be used unless it is the only option
·         Weak encryption
·         Easily blocked by ISPs and networks, because TCP 1723 and GRE are simple to identify

OpenVPN drawbacks:
·         Somewhat harder for non-technical users to set up without a guide; one of its largest drawbacks is that it is not always offered as an option to non-technical users.
·         Because it is not built into most operating systems, users usually have to download an OpenVPN client first. OpenVPN can also be a little slower than other options such as L2TP/IPsec.



I hope this is informative for you; I tried to cover all aspects in this post. You can add or share your comments for improving this post. Thank you!

Gateway of last resort is not set In Cisco Router

You may notice the line "Gateway of last resort is not set" in the output of the Cisco command show ip route. This short article explains why you are getting this message and how to set a default route.

Cisco router gateway of last resort

"Gateway of last resort is not set" means the router has no default route: a packet whose destination matches no entry in the routing table is dropped. A gateway of last resort is a route that catches such packets instead of letting the router drop traffic for networks it does not know.
The routing table lists every known route. For each packet the router performs a longest-prefix match against the table: if a matching entry exists, the packet is forwarded along it; if none matches, the packet goes to the default route (0.0.0.0/0), and if there is no default route either, it is discarded.
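To make the lookup rule concrete, here is an added example in Python (not Cisco code): a small routing table doing longest-prefix matching, first without and then with a gateway of last resort. The prefixes and next hops are constructed for illustration, and the banner string imitates the first line of show ip route.

```python
"""Longest-prefix-match lookup with and without a gateway of last resort.
Added example for this article, not Cisco code; the routes and next hops
below are constructed for illustration."""
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Tuple[object, object, str]] = []   # (network, next hop, route code)

    def add(self, prefix: str, next_hop: str, source: str = "S") -> None:
        """Install a route; 'S' is the show ip route code for a static route."""
        self.routes.append((ip_network(prefix), ip_address(next_hop), source))

    def gateway_of_last_resort(self) -> Optional[str]:
        """The next hop of the 0.0.0.0/0 entry, if one is installed."""
        for net, next_hop, _ in self.routes:
            if net.prefixlen == 0:
                return str(next_hop)
        return None

    def lookup(self, destination: str) -> Optional[str]:
        """Longest-prefix match. Returns the next hop, or None when the
        packet would be dropped (no match and no default route)."""
        addr = ip_address(destination)
        best = None
        for net, next_hop, _ in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return None if best is None else str(best[1])

    def banner(self) -> str:
        """The first line show ip route prints about the default route."""
        gw = self.gateway_of_last_resort()
        if gw is None:
            return "Gateway of last resort is not set"
        return f"Gateway of last resort is {gw} to network 0.0.0.0"


def demo() -> List[Optional[str]]:
    """Look up the same three destinations before and after adding a default route."""
    rt = RoutingTable()
    rt.add("10.10.10.0/24", "50.0.0.1")
    rt.add("10.10.0.0/16", "50.0.0.9")
    before = [rt.lookup(d) for d in ("10.10.10.5", "10.10.20.5", "8.8.8.8")]
    # equivalent of: ip route 0.0.0.0 0.0.0.0 172.16.15.4
    rt.add("0.0.0.0/0", "172.16.15.4", source="S*")
    after = [rt.lookup(d) for d in ("10.10.10.5", "10.10.20.5", "8.8.8.8")]
    return before + after


if __name__ == "__main__":
    print(demo())
```

The third lookup (8.8.8.8) is the interesting one: it returns None, meaning a drop, until the 0.0.0.0/0 entry exists, while the more specific /24 and /16 routes keep winning over the default for their own destinations.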

How to set Gateway of last resort in router

You can configure a default gateway, or route of last resort, with one of the following commands, depending on whether IP routing is enabled:
  • ip default-network
  • ip default-gateway
  • ip route 0.0.0.0 0.0.0.0


ip default-gateway

The ip default-gateway command is used when IP routing is disabled on the device (no ip routing), for example on a switch being managed over IP; the device then sends all off-subnet traffic to that address. The following example sets the default gateway to 172.16.15.4:
ip default-gateway 172.16.15.4


When IP routing is enabled, use ip default-network instead of ip default-gateway. The router then considers its routes to the specified network as candidates for the gateway of last resort. How that default is advertised depends on the routing protocol. For IGRP/EIGRP to propagate it, the network named in ip default-network must be known to IGRP or EIGRP, that is, present through a network statement or redistribution.
RIP advertises a route to 0.0.0.0 when a gateway of last resort has been selected with ip default-network.
OSPF and IS-IS do not propagate a default selected with ip default-network; they need default-information originate instead.

ip route 0.0.0.0 0.0.0.0

Creating a static route to 0.0.0.0 0.0.0.0 (any destination, any mask) is another way to set the gateway of last resort. IGRP does not recognise a static route to 0.0.0.0, so for IGRP you must use ip default-network. EIGRP does advertise a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.
RIP routers running Cisco IOS 12.0T and later do not advertise a static default route automatically; it has to be originated explicitly (for example with default-information originate), whereas earlier releases advertised the 0.0.0.0 route on their own.

Summary:
Use the ip default-gateway command if IP routing is disabled on the device, and use ip default-network or ip route 0.0.0.0 0.0.0.0 to set the gateway of last resort on Cisco routers that have IP routing enabled. The way routing protocols advertise the default route differs for each protocol, so check the behaviour of the protocol you run.

Quick Tip:
To select a network of last resort, use the following command; note that it takes the network number, not the address of the gateway (the next hop is whatever the router already uses to reach that network):
ip default-network <network number>

Redistribute static route into EIGRP re-distribute Static Lab

In an internetwork you normally run a single routing protocol to keep the network easy to manage. When you connect several networks or branch offices, however, you may well meet different routing protocols.
Route redistribution lets routes learned by one routing protocol be advertised into another. The receiving protocol normally marks them as external routes, and external routes are generally less preferred than routes the protocol learned natively (in EIGRP they receive administrative distance 170 instead of 90).
You can also redistribute between two instances of the same protocol, for example two OSPF processes with different process IDs.
Similarly, static routes and connected interfaces can be redistributed into a routing protocol. This article covers redistributing static routes into an EIGRP process; for simplicity and clarity the lab was built in GNS3.
Lab Objectives

We have three routers: R1, R2 and R3. R1 and R3 run EIGRP AS 10; R2 does not run EIGRP and is reached by R1 through static routes. The objective is to redistribute R1's static routes toward R2's networks into EIGRP so that they appear on R3 as external routes.
I have configured this lab on GNS3 with following configurations:
Configurations on R2

R2(config)#interface f0/0
R2(config-if)#ip address 50.0.0.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#interface loopback 1
R2(config-if)#ip address 10.10.10.1 255.255.255.0
R2(config-if)#interface loopback 2
R2(config-if)#ip address 20.10.10.1 255.255.255.0
R2(config-if)#interface loopback 3
R2(config-if)#ip address 30.10.10.1 255.255.255.0
R2(config-if)#interface loopback 4
R2(config-if)#ip address 40.10.10.1 255.255.255.0

Static routes on R2 for the networks that are not directly connected. A static route names the destination network, its mask and the next-hop address:
R2(config)#ip route 150.0.0.0 255.255.255.0 50.0.0.2
R2(config)#ip route 100.10.10.0 255.255.255.0 50.0.0.2
R2(config)#ip route 200.10.10.0 255.255.255.0 50.0.0.2


Configurations on R3
R3(config)#int f0/0
R3(config-if)#ip address 150.0.0.2 255.255.255.0
R3(config-if)#no shut
R3(config)#int loopback 1
R3(config-if)#ip address 100.10.10.1 255.255.255.0
R3(config-if)#exit
R3(config)#int loopback 2
R3(config-if)#ip address 200.10.10.1 255.255.255.0
R3(config-if)#exit

R3(config)#router eigrp 10
R3(config-router)#network 150.0.0.0 0.0.0.255
R3(config-router)#network 100.10.10.0 0.0.0.255
R3(config-router)#network 200.10.10.0 0.0.0.255

Configurations on R1

R1(config)#int f1/0
R1(config-if)#ip address 50.0.0.2 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 150.0.0.1 255.255.255.0

R1(config)#router eigrp 10
R1(config-router)#network 150.0.0.0 0.0.0.255
R1(config-router)#network 50.0.0.0 0.0.0.255

R1(config)#ip route 10.10.10.0 255.255.255.0 50.0.0.1
R1(config)#ip route 20.10.10.0 255.255.255.0 50.0.0.1
R1(config)#ip route 30.10.10.0 255.255.255.0 50.0.0.1
R1(config)#ip route 40.10.10.0 255.255.255.0 50.0.0.1

Static route redistribution into EIGRP configurations
To redistribute only selected static routes into EIGRP, reference a route map from the redistribute command and have the route map match an access list that names the networks to redistribute. A standard access list used in a route map is compared against the network address of each route, so the entries must cover the network (10.10.10.0 with a wildcard for the host bits), not a single host such as 10.10.10.1, which would match nothing and silently block the redistribution.

R1(config)#access-list 7 permit 10.10.10.0 0.0.0.255
R1(config)#access-list 7 permit 20.10.10.0 0.0.0.255
R1(config)#access-list 7 permit 30.10.10.0 0.0.0.255
R1(config)#access-list 7 permit 40.10.10.0 0.0.0.255

R1(config)#route-map static-to-eigrp permit 10
R1(config-route-map)#match ip address 7

Redistribution commands:

R1(config)#router eigrp 10
R1(config-router)#redistribute static route-map static-to-eigrp

A seed metric (bandwidth, delay, reliability, load, MTU) can be given on the same line, but it is not compulsory for static routes because EIGRP derives their metric from the outgoing interface:
R1(config-router)#redistribute static metric 10000 1 255 1 1500 route-map static-to-eigrp

Only one redistribute static statement exists per EIGRP process; entering a second one replaces the first, so keep the route map and the metric together on a single line rather than typing them separately.
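The filtering step above has one trap worth seeing in code: IOS evaluates a standard ACL in a route map against the route's network address, so host entries for the .1 addresses never match the /24 routes. The following added example, written for this lab and not IOS code, models redistribute static with a route-map match and runs the lab's four static routes through both an ACL written with host entries and one written with 0.0.0.255 wildcards. The routes and ACL entries are the lab's, reused as constructed input; the D EX / 170 tagging is a simplification of what EIGRP installs.

```python
"""Model of how 'redistribute static route-map X' filters routes when the
route map does 'match ip address <standard ACL>'. Added example for this
lab, not IOS code. It reproduces one IOS behaviour the lab depends on: a
standard ACL in a route map is compared against the route's network
address, not against hosts inside the route. The routes and ACL entries
are the lab's, reused as constructed input; the metric/AD tagging is a
simplification of what EIGRP actually installs."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

AclEntry = Tuple[int, int]          # (address, wildcard) as 32-bit integers
EIGRP_EXTERNAL_AD = 170             # administrative distance of D EX routes


def acl_entry(addr: str, wildcard: str = "0.0.0.0") -> AclEntry:
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored.
    Omitting the wildcard means 'host' (0.0.0.0), exactly as in IOS."""
    return int(ip_address(addr)), int(ip_address(wildcard))


def acl_permits(acl: List[AclEntry], prefix) -> bool:
    """Standard ACL evaluation against the route's network address,
    first match wins, with IOS's implicit deny at the end."""
    net = int(prefix.network_address)
    for addr, wild in acl:
        care = ~wild & 0xFFFFFFFF
        if (net & care) == (addr & care):
            return True
    return False


def redistribute_static(static_routes: List[Tuple[str, str]],
                        acl: List[AclEntry],
                        seed_metric: Optional[str] = None) -> List[Dict]:
    """Routes the route map permits, tagged the way R3 would show them."""
    result = []
    for prefix, next_hop in static_routes:
        net = ip_network(prefix)
        if acl_permits(acl, net):
            result.append({
                "prefix": str(net),
                "via": next_hop,
                "code": "D EX",
                "ad": EIGRP_EXTERNAL_AD,
                # EIGRP derives a metric from the outgoing interface when no seed metric is given
                "seed_metric": seed_metric,
            })
    return result


# R1's static routes from the lab: (destination network, next hop)
STATIC_ROUTES = [
    ("10.10.10.0/24", "50.0.0.1"),
    ("20.10.10.0/24", "50.0.0.1"),
    ("30.10.10.0/24", "50.0.0.1"),
    ("40.10.10.0/24", "50.0.0.1"),
]

# access-list 7 written with host entries for the .1 addresses
ACL_HOST_ENTRIES = [acl_entry(f"{n}.10.10.1") for n in (10, 20, 30, 40)]

# access-list 7 written to cover each /24 network with a 0.0.0.255 wildcard
ACL_NETWORK_ENTRIES = [acl_entry(f"{n}.10.10.0", "0.0.0.255") for n in (10, 20, 30, 40)]


if __name__ == "__main__":
    print("host entries   :", [r["prefix"] for r in redistribute_static(STATIC_ROUTES, ACL_HOST_ENTRIES)])
    print("network entries:", [r["prefix"] for r in redistribute_static(STATIC_ROUTES, ACL_NETWORK_ENTRIES)])
```

With the host entries nothing is redistributed and R3 simply never learns the routes, which is the kind of failure that is easy to misread as a redistribution problem rather than an ACL problem; on a real router, show route-map static-to-eigrp reports the match count and makes the difference visible.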

Testing and verification:
After the configuration, R3's routing table (show ip route) lists the static routes as EIGRP external routes, flagged D EX with administrative distance 170.
Networks 10.10.10.0, 20.10.10.0, 30.10.10.0 and 40.10.10.0 are loopbacks on R2 that R1 reaches through its static routes; once redistribution is in place you find them in R3's routing table.
You can also verify with an end-to-end ping from R3 to one of those loopback addresses. Following are some other redistribution labs you can visit for reference and learning.


