On Fri, 10 Dec 2004, Chris Andrews wrote:

> This sounds like it might be a policy issue. Can you do a tcpdump on the Mac, and check that all the Mac's responses are encrypted? There's a slight weirdness on OSX with the port numbers used for l2tp, and I had some problems with packets 'escaping' the transport mode policy.

I actually did that, and it looks like I neglected to include the dump (and I'm at work right now, so I can't fetch it at the moment). Everything does wind up encrypted both ways on the Mac, and the packets leave/arrive at the appropriate time, though since they're encrypted I can't verify the contents. In any case, there doesn't seem to be anything coming through unencrypted between the two machines, and it's the Mac contacting the BSD box.


> Another reason could be firewalling, but from your tcpdump it looks like correctly-encrypted packets are getting through.

Both machines are directly connected (well, through a hub), ipfw is off on the Mac, and pf is off on the BSD box.


> To my knowledge the OSX client doesn't support NAT-T currently - I'm using it against a Linux/Openswan gateway which does NAT-T fine with Windows XP clients, and it fails if OSX is behind NAT. It might negotiate NAT-T with other gateways though.

NAT-T shouldn't be an issue here, since they are directly connected.


I'll fire off the packet dump from the OS X machine when I get back to the dorm, though I don't think it'll be terribly edifying (it's all encrypted; there's not an OS X equivalent to OpenBSD's enc device that I'm missing, is there?). Basically, everything goes to and from the hosts in a matching fashion, and what should be the LCP packets seem to be getting to the Mac, according to tcpdump; it just seems to be ignoring them. I'll see what I can find out about the ports when I get back, too, though I couldn't find any manner of config file for Apple's L2TP plugin to pppd.


Thanks,
        David
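As an added example (not from either poster), here is one way to do the check Chris suggested: filter a `tcpdump -n` capture down to packets between the two peers that are neither ESP nor IKE, so anything that escaped the transport-mode policy, such as plaintext L2TP on UDP 1701, stands out. The sample capture lines and the two addresses (192.168.1.10 for the Mac, 192.168.1.1 for the BSD box) are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n` output (not a capture from the thread).
# Mac = 192.168.1.10, BSD box = 192.168.1.1. One l2tp packet is deliberately
# left unencrypted to show what an "escaped" packet looks like.
SAMPLE='12:00:00.000001 IP 192.168.1.10.500 > 192.168.1.1.500: isakmp: phase 1 I ident
12:00:00.000002 IP 192.168.1.1.500 > 192.168.1.10.500: isakmp: phase 1 R ident
12:00:00.000003 IP 192.168.1.10 > 192.168.1.1: ESP(spi=0x00001000,seq=0x1), length 116
12:00:00.000004 IP 192.168.1.1 > 192.168.1.10: ESP(spi=0x00002000,seq=0x1), length 116
12:00:00.000005 IP 192.168.1.10.1701 > 192.168.1.1.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
12:00:00.000006 IP 192.168.1.10 > 192.168.1.99: ICMP echo request, id 1, seq 1, length 64'

# find_leaks A B: read tcpdump -n lines on stdin and print every packet
# between hosts A and B that is neither ESP nor IKE (UDP 500/4500).
# Anything printed is traffic the IPsec policy let through in the clear.
find_leaks() {
    awk -v a="$1" -v b="$2" '
        {
            # field layout: ts [IP] src > dst: proto ...  (old tcpdump omits "IP")
            i = ($2 == "IP") ? 3 : 2
            src = $i; dst = $(i + 2); sub(/:$/, "", dst)
            # "a.b.c.d.port" splits into 5 pieces, a bare IPv4 host into 4
            ns = split(src, s, "."); nd = split(dst, d, ".")
            shost = (ns == 5) ? s[1] "." s[2] "." s[3] "." s[4] : src
            dhost = (nd == 5) ? d[1] "." d[2] "." d[3] "." d[4] : dst
            sport = (ns == 5) ? s[5] : ""
            # only traffic between the two peers is of interest
            if (!((shost == a && dhost == b) || (shost == b && dhost == a))) next
            if ($(i + 3) ~ /^ESP/) next                      # encrypted payload
            if (sport == "500" || sport == "4500") next      # IKE / NAT-T keepalive
            print
        }'
}

# count_leaks: number of unencrypted packets between the peers in SAMPLE
count_leaks() {
    printf '%s\n' "$SAMPLE" | find_leaks 192.168.1.10 192.168.1.1 | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | find_leaks 192.168.1.10 192.168.1.1
```

On a real capture, pipe `tcpdump -n -r file.pcap` into `find_leaks` instead of the sample; an empty result means every packet between the peers was ESP or IKE.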