@semsem2050 the client VPN development focusses around AnyConnect now. There are Linux clients for AnyConnect available and they will have newer algorithms.
Thanks for the info @cmr. Also, we have some Docker (Ubuntu 20.04 OS) containers used by the GitLab CI/CD pipeline in the cloud that should access some servers in the company office, and this Docker should be configured with IPsec L2TP (commands) for this purpose.
The client VPN service uses the L2TP tunneling protocol, and can be deployed without any additional software on PCs, Macs, iOS devices, and Android devices, since all of these operating systems natively support L2TP VPN connections.
Note: TLS (SSL) client VPN is supported on the MX with AnyConnect. To learn more, see AnyConnect on the MX Appliance.
Note: Linux-based operating systems can support client VPN connections as well, although third-party packages may be necessary to support L2TP/IP.
Note: Establishing a client VPN connection when the client is located on the LAN of the MX is unsupported.
Client VPN uses the L2TP/IP protocol with the following encryption and hashing algorithms: 3DES and SHA1 for Phase1; AES128/3DES and SHA1 for Phase2. As a best practice, the shared secret should not contain any special characters at the beginning or end.
Owing to changes in the PCI-DSS Standard version 3.2.1, some auditors are now enforcing requirements for stronger encryption than the Meraki Client VPN default settings provide. Please contact Meraki Support if you need these values adjusted, but please be aware that some client devices may not support these more stringent requirements (AES128 encryption with DH group 14 - Required by PCI-DSS 3.2.1).
If you open a case with Meraki support, you can request they configure different settings for client VPN. Note that these affect every client. So if you request DH group 14 be enabled, then you will have to modify any other client connecting (including Windows) to use these new settings.
As others have stated, if you want security, you'll be much better to change over to AnyConnect. Note that you have to pay for AnyConnect licences (it is an extra cost), but they are not that much, and are really worth it.
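Since changing the client VPN settings affects every client, each Linux client's proposals can be checked against the "AES128 with DH group 14" bar quoted above before the change is requested. The following is an added example, not code from this thread or from Meraki: it assumes the Linux client uses strongSwan's `ipsec.conf` proposal syntax, and the connection names and the sample file (including its DH group values) are constructed.

```python
import re

# strongSwan MODP keywords mapped to IKE Diffie-Hellman group numbers
DH_GROUPS = {"modp768": 1, "modp1024": 2, "modp1536": 5,
             "modp2048": 14, "modp3072": 15, "modp4096": 16}
WEAK_CIPHERS = {"des", "3des"}   # 3DES is the default named in the thread
MIN_DH_GROUP = 14                # the bar quoted for PCI-DSS 3.2.1
# The hash (SHA1) is not checked: the quoted requirement names only cipher and DH group.

# Constructed sample ipsec.conf; conn names and DH groups are assumptions
SAMPLE_CONF = """\
conn office-default
    keyexchange=ikev1
    ike=3des-sha1-modp1024!
    esp=aes128-sha1,3des-sha1!   # Phase 2 offers both ciphers

conn office-hardened
    keyexchange=ikev1
    ike=aes128-sha1-modp2048!
    esp=aes128-sha1!
"""

def audit_proposal(kind, proposal):
    """Return findings for one proposal such as '3des-sha1-modp1024'."""
    tokens = proposal.lower().split("-")
    findings = [f"{kind}: weak cipher {t} in {proposal}"
                for t in tokens if t in WEAK_CIPHERS]
    groups = [DH_GROUPS[t] for t in tokens if t in DH_GROUPS]
    findings += [f"{kind}: DH group {g} below {MIN_DH_GROUP} in {proposal}"
                 for g in groups if g < MIN_DH_GROUP]
    if kind == "ike" and not groups:
        findings.append(f"ike: no MODP DH group named in {proposal}")
    return findings

def audit_conf(text):
    """Map each conn name to the findings for its ike= and esp= lines."""
    results, conn = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            conn = m.group(1)
            results[conn] = []
            continue
        m = re.match(r"(ike|esp)\s*=\s*(.+)$", line)
        if m and conn:
            for proposal in m.group(2).rstrip("!").split(","):
                results[conn] += audit_proposal(m.group(1), proposal.strip())
    return results

if __name__ == "__main__":
    for name, findings in audit_conf(SAMPLE_CONF).items():
        print(name, "OK" if not findings else findings)
```

A connection with no findings only offers AES with a DH group of 14 or higher, so it should keep working once the stronger settings are enabled on the MX.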
Thank you @PhilipDAth for the info. I have a question: is it possible and easy to configure Docker containers to use AnyConnect, because the developers use the GitLab CI/CD pipeline and Docker containers?
Thanks
I have not tried this - and do not know.
I do know there is a command-line version of AnyConnect - so I feel your chances would be pretty good.