Connect the MacOSX 10.4.10 L2TP client with Cisco router

Unanswered Question
Oct 18th, 2007

Has anyone managed to connect with Mac's L2TP client to a Cisco (1812W) router with IOS 12.4T? I have found a bug in the l2tp client of Mac which does not handle newer L2TP AVPs. However, the L2TP server on the router sends "56 PPPoE Relay Response Capability" and "57 PPPoE Relay Forward Capability" which will cause the Mac client to abort immediately.

It seems to me as if the L2TP client on MacOSX simply does not work with Cisco routers running 12.4(T).

The Windows client connects just fine.

I am currently looking into whether it is possible to prevent the router from sending these AVPs, but I have not found anything yet.

Does anyone use the MacOSX client to connect successfully, or know a way to disable those AVPs on the router?

Gerald Vogt Wed, 10/24/2007 - 17:13

I know that the Cisco VPN Client connects to the router. I use the client myself. The point of using the L2TP client was to connect to the router with a client which comes with the OS and not be required to install additional software.

b.julin Wed, 10/24/2007 - 09:02

FWIW, the native OSX client works with PIX/ASA, but Panther won't work with NAT-T (Tiger will.)

I doubt you'll be able to disable the AVPs. I hope they don't break this in the PIX image as well.

Gerald Vogt Wed, 10/24/2007 - 17:21

I have not found anything yet to disable the AVPs. Technically, they are O.K. and RFC compliant. The Tiger L2TP client does not recognize them. But what is worse: instead of ignoring them properly, they try to check the size of the AVP against a static array which contains the expected sizes for all AVPs from the original RFC. Obviously, accessing this array with an index larger than the array size results in random results or even a crash.

Thus, I don't think it is a problem of Cisco. I don't think they can "break this". What they do is RFC compliant. It is a bug of Tiger. I was just wondering why no one noticed this problem yet. But I guess Cisco added those AVPs not long ago and I run pretty much the latest IOS version here.

Well, tomorrow I will get Leopard and will see if they have fixed this there or not.

Gerald Vogt Fri, 10/26/2007 - 22:15

I was hoping they had fixed this in Leopard. But unfortunately no difference...
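
The bounds check that the 10/24/2007 post describes as missing, shown as an added example that is not part of the thread and is not Apple's or Cisco's code. The table contents, the function name `count_ignored`, and the sample bytes are assumptions made for illustration, including the encoding of types 56 and 57 with the M bit clear and an empty value.

```c
#include <stddef.h>
#include <stdint.h>
#define AVP_HDR_LEN  6        /* flags+length, vendor ID, attribute type */
#define AVP_FLAG_M   0x8000   /* mandatory bit */
#define AVP_FLAG_H   0x4000   /* hidden bit: value is obscured, skip size check */
#define AVP_LEN_MASK 0x03FF   /* 10-bit length, header included */

/* Constructed table (not Apple's): expected total length for a few
 * RFC 2661 attribute types; 0 means "variable or not checked here". */
static const uint16_t expected_len[40] = {
    [0] = 8,    /* Message Type */
    [2] = 8,    /* Protocol Version */
    [9] = 8,    /* Assigned Tunnel ID */
    [10] = 8,   /* Receive Window Size */
};
#define TABLE_SIZE (sizeof expected_len / sizeof expected_len[0])

/* Walk the AVPs of one control message body. Returns the number of
 * unknown AVPs skipped, or -1 if the message must be rejected. */
int count_ignored(const uint8_t *p, size_t avail)
{
    int ignored = 0;
    while (avail > 0) {
        if (avail < AVP_HDR_LEN) return -1;              /* truncated header */
        uint16_t fl = (uint16_t)((p[0] << 8) | p[1]);
        uint16_t vendor = (uint16_t)((p[2] << 8) | p[3]);
        uint16_t type = (uint16_t)((p[4] << 8) | p[5]);
        size_t len = fl & AVP_LEN_MASK;
        if (len < AVP_HDR_LEN || len > avail) return -1; /* bad length field */
        if (vendor != 0 || type >= TABLE_SIZE) {
            /* Bounds check BEFORE any table access; skip unless mandatory. */
            if (fl & AVP_FLAG_M) return -1;
            ignored++;
        } else if (!(fl & AVP_FLAG_H) && expected_len[type] != 0 &&
                   expected_len[type] != len) {
            return -1;                                   /* known type, wrong size */
        }
        p += len;
        avail -= len;
    }
    return ignored;
}

/* Constructed sample: Message Type AVP, then types 56 and 57 with the
 * M bit clear and an empty value (assumed encoding). */
const uint8_t sample_known_plus_new[] = {
    0x80, 0x08, 0, 0, 0, 0, 0, 2,   0, 6, 0, 0, 0, 56,   0, 6, 0, 0, 0, 57 };
/* Constructed sample: the same type 56 AVP, but flagged mandatory. */
const uint8_t sample_mandatory_unknown[] = { 0x80, 0x06, 0, 0, 0, 56 };
```

With the type compared against the table size first, the two unrecognized AVPs are counted and skipped, and the table is never indexed past its end.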
