
Connect the MacOSX 10.4.10 L2TP client with Cisco router

Gerald Vogt
Level 3

Has anyone managed to connect with Mac's L2TP client to a Cisco (1812W) router with IOS 12.4T? I have found a bug in the l2tp client of Mac which does not handle newer L2TP AVPs. However, the L2TP server on the router sends "56 PPPoE Relay Response Capability" and "57 PPPoE Relay Forward Capability" which will cause the Mac client to abort immediately.

It seems to me as if the L2TP client on MacOSX simply does not work with Cisco routers running 12.4(T).

The Windows client connects just fine.

I am currently looking whether it is possible to prevent the router from sending these AVPs but I have not found anything, yet.

Does anyone use the MacOSX client to connect successfully, or know a way to disable those AVPs on the router?


jsivulka
Level 5

The VPN client should be able to connect to an IOS router without an issue. I have sent you a URL on setting this up as well as a sample configuration for your review. The MAC OSX client install should be the same as the 3.6 client.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/nonwin35/user_gd/index.htm

http://www.cisco.com/warp/public/471/ipsecrouter_vpn.html

I know that the Cisco VPN Client connects to the router. I use the client myself. The point of using the L2TP client was to connect to the router with a client which comes with the OS and not being required to install another software.

b.julin
Level 3

FWIW, the native OSX client works with PIX/ASA, but panther won't work with NAT-T (tiger will.)

I doubt you'll be able to disable the AVPs. I hope they don't break this in the PIX image as well.

I have not found anything, yet, to disable the AVPs. Technically, they are O.K. and RFC compliant. The Tiger L2TP client does not recognize them. But what is worse: instead of ignoring them properly they try to check the size of the AVP against a static array which contains the expected sizes for all AVPs from the original RFC. Obviously accessing this array with an index larger than the array size results in random results or even a crash.

Thus, I don't think it is a problem of Cisco. I don't think they can "break this". What they do is RFC compliant. It is a bug of Tiger. I just was wondering why no one noticed this problem yet. But I guess Cisco added those AVPs not long ago and I run pretty much the latest IOS version here.

Well, tomorrow I will get Leopard and will see if they have fixed this there or not.

I was hoping they have fixed this in Leopard. But unfortunately no difference...
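The failure mode described in the thread above (an expected-size table indexed by AVP attribute type with no range check), shown as an added example that is not part of the original posts and is not Apple's or Cisco's code: a C AVP walker that range-checks the type before the table lookup and skips unknown AVPs whose M bit is clear. The function and constant names, the table contents, and the sample bytes (AVPs 56 and 57 with M clear and an empty value) are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_HDR_LEN  6        /* flags+length, vendor ID, attribute type */
#define AVP_FLAG_M   0x8000u  /* mandatory bit */
#define AVP_LEN_MASK 0x03FFu  /* 10-bit length, header included */
#define N_KNOWN      40       /* RFC 2661 attribute types 0..39 */

/* Expected total length per known type; 0 = variable or not checked (illustrative subset). */
static const uint16_t expected_len[N_KNOWN] = { [0] = 8, [2] = 8, [3] = 10, [4] = 10, [9] = 8, [10] = 8 };

enum avp_result { AVP_OK = 0, AVP_MALFORMED = -1, AVP_UNKNOWN_MANDATORY = -2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walks every AVP in buf; *ignored counts unknown, non-mandatory AVPs that were skipped. */
int parse_avps(const uint8_t *buf, size_t len, unsigned *ignored)
{
    size_t off = 0;
    *ignored = 0;
    while (off < len) {
        if (len - off < AVP_HDR_LEN) return AVP_MALFORMED;
        uint16_t flags_len = be16(buf + off);
        uint16_t alen = flags_len & AVP_LEN_MASK;
        uint16_t vendor = be16(buf + off + 2), type = be16(buf + off + 4);
        if (alen < AVP_HDR_LEN || alen > len - off) return AVP_MALFORMED;
        /* Range check BEFORE indexing the table: this is the step the thread says is missing. */
        if (vendor != 0 || type >= N_KNOWN) {
            /* RFC 2661: unknown AVP with M set ends the tunnel; with M clear it is ignored. */
            if (flags_len & AVP_FLAG_M) return AVP_UNKNOWN_MANDATORY;
            (*ignored)++;
        } else if (expected_len[type] != 0 && expected_len[type] != alen) {
            return AVP_MALFORMED;
        }
        off += alen;
    }
    return AVP_OK;
}

/* Constructed sample: Message Type AVP, then AVPs 56 and 57 (M clear, empty value assumed). */
static const uint8_t sample[] = {
    0x80, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
    0x00, 0x06, 0x00, 0x00, 0x00, 0x38,
    0x00, 0x06, 0x00, 0x00, 0x00, 0x39,
};

int main(void) {
    unsigned ignored;
    int rc = parse_avps(sample, sizeof sample, &ignored);
    printf("rc=%d ignored=%u\n", rc, ignored);
    return rc == AVP_OK ? 0 : 1;
}
```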
