On Dec 10, 2004, at 3:08 PM, David Riley wrote:

On Fri, 10 Dec 2004, Chris Andrews wrote:

This sounds like it might be a policy issue. Can you do a tcpdump on the Mac, and check that all the Mac's responses are encrypted? There's a slight weirdness on OSX with the port numbers used for l2tp, and I had some problems with packets 'escaping' the transport mode policy.

I actually did that, and it looks like I neglected to include the dump (and I'm at work right now, so I can't fetch it at the moment). Everything does wind up encrypted both ways on the Mac, and the packets leave/arrive at the appropriate time, though since they're encrypted I can't verify the contents. In any case, there doesn't seem to be anything coming through unencrypted between the two machines, and it's the Mac contacting the BSD box.

Yeah, the whole thing is encrypted. Here's the whole exchange after the isakmp key exchange on the Mac OS side up until it gives up, at which point it *does* slip out of transport mode...


19:12:03.506318 IP (tos 0x0, ttl 64, id 6712, offset 0, flags [none], length: 136) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x1)
19:12:03.509158 IP (tos 0x0, ttl 64, id 8299, offset 0, flags [none], length: 168) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x1)
19:12:03.509505 IP (tos 0x0, ttl 64, id 6713, offset 0, flags [none], length: 88) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x2)
19:12:03.509570 IP (tos 0x0, ttl 64, id 6714, offset 0, flags [none], length: 104) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x3)
19:12:03.511019 IP (tos 0x0, ttl 64, id 9504, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x2)
19:12:03.512958 IP (tos 0x0, ttl 64, id 18491, offset 0, flags [none], length: 104) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x3)
19:12:03.513103 IP (tos 0x0, ttl 64, id 6715, offset 0, flags [none], length: 120) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x4)
19:12:03.513110 IP (tos 0x0, ttl 64, id 13469, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x4)
19:12:03.522050 IP (tos 0x0, ttl 64, id 19, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x5)
19:12:03.533989 IP (tos 0x0, ttl 64, id 18402, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x6)
19:12:06.541835 IP (tos 0x0, ttl 64, id 10602, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x7)
19:12:09.551810 IP (tos 0x0, ttl 64, id 13351, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x8)
19:12:12.561898 IP (tos 0x0, ttl 64, id 10351, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x9)
19:12:15.571942 IP (tos 0x0, ttl 64, id 26562, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xa)
19:12:18.581994 IP (tos 0x0, ttl 64, id 28880, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xb)
19:12:21.591974 IP (tos 0x0, ttl 64, id 14734, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xc)
19:12:24.602111 IP (tos 0x0, ttl 64, id 4586, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xd)
19:12:27.612090 IP (tos 0x0, ttl 64, id 28162, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xe)
19:12:30.622154 IP (tos 0x0, ttl 64, id 21353, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0xf)


You can see from the timestamps that it stops responding after packet 6; the BSD machine is sending out packets every 3 seconds or so afterward.

Any suggestions as to how to proceed from here? If I were more familiar with l2tpd's codebase, and had the time, I might try to hack out a solution myself, but it's coming up on exam time...

Thanks,
        David
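An added example, not code from anyone in the thread: a small Python script that parses `tcpdump -v` ESP lines of the format shown above and reports where one peer stops answering, how many ESP packets then go unanswered, the spacing of the apparent retransmits, and whether the ESP sequence numbers stayed monotonic per SPI. The embedded sample is an excerpt of the trace posted above (the wrapped line joined); the 2-second gap threshold is an assumption chosen to separate a retransmit from a normal exchange.

```python
import re
from datetime import datetime

# One `tcpdump -v` ESP line -> (time, src, dst, spi, seq).
ESP_RE = re.compile(r"^(\S+) IP .*?(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
                    r"ESP\(spi=(0x[0-9a-f]+),seq=(0x[0-9a-f]+)\)")

def parse_esp(text):
    """Return [(ts, src, dst, spi, seq)] for every ESP line in tcpdump output."""
    found = (ESP_RE.match(l.strip()) for l in text.splitlines())
    return [(datetime.strptime(m[1], "%H:%M:%S.%f"), m[2], m[3], m[4], int(m[5], 16))
            for m in found if m]

def analyse(pkts, min_gap=2.0):
    """Characterise the trailing one-sided run: which peer went silent and when,
    how many ESP packets then went unanswered, and the retransmit spacing."""
    if not pkts:
        return None
    seq_ok, last_seq = True, {}
    for _, _, _, spi, seq in pkts:            # ESP seq should rise by one per SA
        seq_ok &= spi not in last_seq or seq == last_seq[spi] + 1
        last_seq[spi] = seq
    i = len(pkts) - 1
    while i > 0 and pkts[i - 1][1] == pkts[-1][1]:   # walk back over the tail run
        i -= 1
    tail, peer = pkts[i:], pkts[-1][2]
    seen = [p[0] for p in pkts[:i] if p[1] == peer]
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(tail, tail[1:])]
    retx = [g for g in gaps if g >= min_gap]   # spaced-out, unanswered packets
    return {"silent_peer": peer,
            "peer_last_seen": max(seen).strftime("%H:%M:%S.%f") if seen else None,
            "unanswered": len(tail), "retransmits": len(retx),
            "retx_interval_s": round(sum(retx) / len(retx), 2) if retx else None,
            "seq_monotonic": seq_ok}

# Excerpt of the trace posted in the thread (later retransmits omitted).
SAMPLE = """\
19:12:03.506318 IP (tos 0x0, ttl 64, id 6712, offset 0, flags [none], length: 136) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x1)
19:12:03.509158 IP (tos 0x0, ttl 64, id 8299, offset 0, flags [none], length: 168) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x1)
19:12:03.509505 IP (tos 0x0, ttl 64, id 6713, offset 0, flags [none], length: 88) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x2)
19:12:03.509570 IP (tos 0x0, ttl 64, id 6714, offset 0, flags [none], length: 104) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x3)
19:12:03.511019 IP (tos 0x0, ttl 64, id 9504, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x2)
19:12:03.512958 IP (tos 0x0, ttl 64, id 18491, offset 0, flags [none], length: 104) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x3)
19:12:03.513103 IP (tos 0x0, ttl 64, id 6715, offset 0, flags [none], length: 120) 192.168.2.1 > 192.168.2.5: ESP(spi=0x1856ff75,seq=0x4)
19:12:03.513110 IP (tos 0x0, ttl 64, id 13469, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x4)
19:12:03.522050 IP (tos 0x0, ttl 64, id 19, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x5)
19:12:03.533989 IP (tos 0x0, ttl 64, id 18402, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x6)
19:12:06.541835 IP (tos 0x0, ttl 64, id 10602, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x7)
19:12:09.551810 IP (tos 0x0, ttl 64, id 13351, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x8)
19:12:12.561898 IP (tos 0x0, ttl 64, id 10351, offset 0, flags [none], length: 88) 192.168.2.5 > 192.168.2.1: ESP(spi=0x082a5dfd,seq=0x9)
"""
```

Run `analyse(parse_esp(SAMPLE))` on the excerpt (or paste a full `tcpdump -v` capture in place of `SAMPLE`): it reports 192.168.2.1 silent since 19:12:03.513103 with six unanswered packets, three of them roughly 3.01 s apart, which is the pattern the dump above shows.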