On Wed, Jun 09, 2021 at 11:04:04AM +0000, Alexander Vainshtein wrote:
> I mainly concur with Stewart's comments about sequence number checking.

There is also another potentially extensive 'deployment' of L2TP,
especially over the last year, and that is as one of the options
in the Microsoft Windows RAS VPN feature.

If so, then that would be by relatively unsophisticated users,
so they'd not really be able to tune it for issues.

This is PPP/L2TP/ESP(transport-mode) occasionally using NAT-T,
and negotiated by IKEv1.  I don't know if the L2TP layer makes
use of sequencing.

I'd not be surprised if the ESP layer is using an anti-replay window,
in which case the points already rehearsed wrt L4S would apply,
but this time with people who won't know how to 'fix' it.

We supported use of this in our protocol stack in our product
for remote access until quite recently, and I see there are other
vendors who still offer the same mechanism.

Specifically I'd imagine to easily interoperate with the RAS feature.

DF

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
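The interaction the message points at, an ESP anti-replay window meeting packets reordered further than the window reaches, is easy to see in a small model. The following is an added example written for this page, not code from the thread, from Windows RAS, or from any L2TP/IPsec implementation; it models the RFC 4303 sliding-window check and feeds it constructed delivery orders (a burst of packets delayed by a chosen number of positions) with window sizes chosen for illustration.

```python
# Added example (not from the thread): a minimal RFC 4303-style ESP anti-replay
# sliding window, used to show how reordering of the kind discussed for L4S
# interacts with the window. Window sizes, sequence numbers and delivery
# orders below are constructed for illustration only.


class AntiReplayWindow:
    """Sliding window over ESP sequence numbers (after RFC 4303 section 3.4.3)."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was received

    def check_and_update(self, seq):
        """Return True if seq is new and inside the window, recording it; else False."""
        if seq == 0:
            return False   # sequence number 0 is never valid in ESP
        if seq > self.highest:
            # Advance the right edge; bit 0 now stands for seq itself.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False   # too old: the packet fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return False   # replay: this sequence number was already accepted
        self.bitmap |= 1 << offset
        return True


def receive_all(order, window_size=64):
    """Feed a delivery order through a fresh window; return (accepted, dropped)."""
    win = AntiReplayWindow(window_size)
    accepted, dropped = [], []
    for seq in order:
        (accepted if win.check_and_update(seq) else dropped).append(seq)
    return accepted, dropped


def reorder_one_burst(n, burst_start, burst_len, delay):
    """Constructed reordering: packets burst_start .. burst_start+burst_len-1 are
    delivered `delay` positions later than sequence order, as happens when a
    low-latency queue overtakes packets still sitting in a classic queue."""
    seqs = list(range(1, n + 1))
    held = seqs[burst_start - 1:burst_start - 1 + burst_len]
    rest = seqs[:burst_start - 1] + seqs[burst_start - 1 + burst_len:]
    insert_at = burst_start - 1 + delay
    return rest[:insert_at] + held + rest[insert_at:]


if __name__ == "__main__":
    # A genuine replay is rejected regardless of window size.
    print("replay of seq 2 dropped:", receive_all([1, 2, 3, 2])[1])
    # Reordering inside the window is harmless; beyond it, good packets are
    # dropped, and a larger window is the only receiver-side fix.
    for delay in (10, 100):
        for size in (64, 256):
            _, dropped = receive_all(reorder_one_burst(200, 50, 10, delay), size)
            print(f"delay={delay:3d} positions, window={size:3d}: {len(dropped)} dropped")
```

With the constructed 200-packet stream, delaying ten packets by ten positions loses nothing, while delaying them by a hundred positions drops all ten at a 64-entry window and none at a 256-entry one. That is the tuning knob the message says RAS users would not know to turn; on the sender side, reordering across the two L4S queues within a single SA is what creates the offsets in the first place.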