Connect the MacOSX 10.4.10 L2TP client with Cisco router

Unanswered Question
Oct 18th, 2007

Has anyone managed to connect with Mac's L2TP client to a Cisco (1812W) router with IOS 12.4T? I have found a bug in the l2tp client of Mac which does not handle newer L2TP AVPs. However, the L2TP server on the router sends "56 PPPoE Relay Response Capability" and "57 PPPoE Relay Forward Capability" which will cause the Mac client to abort immediately.


It seems to me as if the L2TP client on MacOSX simply does not work with Cisco routers running 12.4(T).


The Windows client connects just fine.


I am currently looking into whether it is possible to prevent the router from sending these AVPs, but I have not found anything yet.


Does anyone use the MacOSX client to connect successfully or know a way to disable those AVPs on the router?

jsivulka Wed, 10/24/2007 - 06:14

The VPN client should be able to connect to an IOS router without an issue. I have sent you a URL on setting this up as well as a sample configuration for your review. The MAC OSX client install should be the same as the 3.6 client.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/nonwin35/user_gd/index.htm

http://www.cisco.com/warp/public/471/ipsecrouter_vpn.html

Gerald Vogt Wed, 10/24/2007 - 17:13

I know that the Cisco VPN Client connects to the router. I use the client myself. The point of using the L2TP client was to connect to the router with a client which comes with the OS and not be required to install additional software.

b.julin Wed, 10/24/2007 - 09:02

FWIW, the native OSX client works with PIX/ASA, but Panther won't work with NAT-T (Tiger will).


I doubt you'll be able to disable the AVPs. I hope they don't break this in the PIX image as well.




Gerald Vogt Wed, 10/24/2007 - 17:21

I have not found anything yet to disable the AVPs. Technically, they are O.K. and RFC compliant. The Tiger L2TP client does not recognize them. But what is worse: instead of ignoring them properly, they try to check the size of the AVP against a static array which contains the expected sizes for all AVPs from the original RFC. Obviously, accessing this array with an index larger than the array size results in random results or even a crash.


Thus, I don't think it is a problem of Cisco. I don't think they can "break this". What they do is RFC compliant. It is a bug of Tiger. I just was wondering why no one noticed this problem yet. But I guess Cisco added those AVPs not long ago and I run pretty much the latest IOS version here.


Well, tomorrow I will get Leopard and will see if they have fixed this there or not.
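
The post above describes an AVP size check that indexes a static table with an unchecked attribute type. The following is an added example, not part of the original thread and not Apple's or Cisco's code: a minimal AVP header validator that bounds-checks the type before the lookup and skips unknown non-mandatory AVPs as RFC 2661 specifies. The function name, the partial length table and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum avp_result { AVP_OK, AVP_IGNORED, AVP_REJECT };
#define AVP_HDR_LEN 6u   /* flags+length, vendor ID, attribute type */
#define KNOWN_TYPES 40u  /* RFC 2661 defines attribute types 0..39 */

/* Expected total length of a few fixed-size RFC 2661 AVPs; 0 = variable or
 * not checked here. Illustrative subset, not a complete table. */
static const uint16_t expected_len[KNOWN_TYPES] = {
    [0]  = 8,  /* Message Type */
    [2]  = 8,  /* Protocol Version */
    [10] = 8,  /* Receive Window Size */
};

/* Validate one AVP at buf; on AVP_OK/AVP_IGNORED, *consumed is its length. */
enum avp_result avp_check(const uint8_t *buf, size_t len, size_t *consumed)
{
    if (len < AVP_HDR_LEN)
        return AVP_REJECT;
    uint16_t flags_len = (uint16_t)(buf[0] << 8 | buf[1]);
    uint16_t vendor    = (uint16_t)(buf[2] << 8 | buf[3]);
    uint16_t type      = (uint16_t)(buf[4] << 8 | buf[5]);
    int mandatory      = (flags_len & 0x8000) != 0;  /* M bit */
    size_t avp_len     = flags_len & 0x03FF;         /* 10-bit length field */

    if (avp_len < AVP_HDR_LEN || avp_len > len)
        return AVP_REJECT;
    *consumed = avp_len;
    /* Bounds check BEFORE the table lookup, so types such as 56/57 never
     * index past the table; unknown AVPs are skipped unless mandatory. */
    if (vendor != 0 || type >= KNOWN_TYPES)
        return mandatory ? AVP_REJECT : AVP_IGNORED;
    if (expected_len[type] != 0 && avp_len != expected_len[type])
        return AVP_REJECT;
    return AVP_OK;
}

/* Constructed sample AVPs (not captured traffic). */
static const uint8_t avp_msg_type[] = { 0x80, 0x08, 0, 0, 0, 0, 0, 2 };
static const uint8_t avp_type_57[]  = { 0x00, 0x06, 0, 0, 0, 57 };

int main(void)
{
    size_t n = 0;
    printf("msg_type=%d\n", avp_check(avp_msg_type, sizeof avp_msg_type, &n));
    printf("type_57=%d\n", avp_check(avp_type_57, sizeof avp_type_57, &n));
    return 0;
}
```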

Gerald Vogt Fri, 10/26/2007 - 22:15

I was hoping they have fixed this in Leopard. But unfortunately no difference...
