David Riley wrote:
> suggestions? It seems like the problem is on the Mac side of things,
> where they seem to be using a proprietary plugin to the standard ANU
> pppd; this makes things somewhat harder to debug, since it seems like
> the OpenBSD box is getting things mostly right.
I'm not so sure that the Mac is at fault because it works on Linux with Openswan and racoon:
http://www.jacco2.dds.nl/networking/freeswan-panther.html
http://www.funknet.org/doc/tunnel/l2tp.html
decryption. In any case, the Mac doesn't respond to the Config-Requests, and the connections just time out after that.
This sounds like it might be a policy issue. Can you do a tcpdump on the Mac, and check that all the Mac's responses are encrypted? There's a slight weirdness on OSX with the port numbers used for l2tp, and I had some problems with packets 'escaping' the transport mode policy.
Another reason could be firewalling, but from your tcpdump it looks like correctly-encrypted packets are getting through.
To my knowledge the OSX client doesn't support NAT-T currently - I'm using it against a Linux/Openswan gateway which does NAT-T fine with Windows XP clients, and it fails if OSX is behind NAT. It might negotiate NAT-T with other gateways though.
Chris.
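
Added example, not part of the original message: one way to run the check suggested above, scanning `tcpdump -n` text output for L2TP (UDP 1701) packets that a host sent outside ESP. The addresses, ports and capture lines are constructed, the function names are hypothetical, and the parser assumes IPv4 with numeric ports.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` output; 192.0.2.10 stands in for the Mac.
SAMPLE = """\
10:00:00.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:00:01.200000 IP 192.0.2.10 > 198.51.100.1: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
10:00:01.250000 IP 198.51.100.1 > 192.0.2.10: ESP(spi=0x0d4e5f60,seq=0x1), length 132
10:00:02.300000 IP 192.0.2.10.49153 > 198.51.100.1.1701: l2tp:[TLS](0/0)Ns=0,Nr=1 ZLB
10:00:03.400000 IP 192.0.2.10 > 198.51.100.1: ESP(spi=0x0a1b2c3d,seq=0x2), length 100
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
L2TP_PORT, IKE_PORT = 1701, 500

def split_endpoint(ep):
    """Split tcpdump's 'a.b.c.d.port' form; ESP lines carry no port."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return ep, None

def classify(line):
    """Return (source address, kind) for one line, or None if unparsed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    (src, sport), (_, dport) = split_endpoint(m.group(1)), split_endpoint(m.group(2))
    ports = {sport, dport}
    if m.group(3).startswith("ESP("):
        kind = "esp"
    elif L2TP_PORT in ports:   # either side: the client's source port may differ
        kind = "cleartext-l2tp"
    elif IKE_PORT in ports:    # IKE negotiation is expected outside ESP
        kind = "ike"
    else:
        kind = "other"
    return src, kind

def audit(text, host):
    """Count packet kinds sent by host and collect its cleartext L2TP lines."""
    counts, leaks = Counter(), []
    for line in text.splitlines():
        c = classify(line)
        if c and c[0] == host:
            counts[c[1]] += 1
            if c[1] == "cleartext-l2tp":
                leaks.append(line)
    return counts, leaks

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE, "192.0.2.10")
    print(dict(counts))
    print("\n".join(leaks) or "no cleartext L2TP from host")
```

Matching 1701 on either side of the packet matters here because a source port other than 1701 can still carry L2TP toward the gateway.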