Wireshark mailing list archives

Re: L2TP-over-IPsec (may be off topic)


From: Kok-Yong Tan <ktan () realityartisans com>
Date: Tue, 14 Sep 2010 16:35:42 -0400


On Sep 14, 2010, at 15:50, Sake Blok wrote:

On 14 sep 2010, at 20:15, Kok-Yong Tan wrote:

On Sep 14, 2010, at 13:59, Sake Blok wrote:

It seems like the L2TP tunnel just does not trigger the IPsec
encapsulation to kick in. What does a network trace say? Only
traffic on UDP port 1701, no UDP-500, no ip proto 50 and no UDP
port 4500? That would be in sync with the above.

This will be the next step but I haven't done that yet.

That would get it a little more on-topic too, analysing the packets ;-)


What type of L2TP-over-IPsec client and L2TP-over-IPsec server are
involved?

I'm trying various Macintoshes at OS versions 10.5.8 and 10.6.4 to an
Xserve running OS version 10.4.11.

If I understand your mails correctly, the FW does *not* terminate the IPsec tunnel, nor the L2TP tunnel within the IPsec tunnel. Both are terminated at the Xserve. In that case, the FW must have a NAT rule to forward incoming IKE+ESP/NAT-T traffic towards Xserve. Could it be that the NAT for IPsec secretly also forwards L2TP?

A trace on the public and private side of the FW would really make finding the cause easier :-)

Understood. Will report back when I have gathered the data. Thanks, Sake.

--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice)             #   My PGP public key can be found at <https://keyserver.pgp.com>
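The check Sake describes (L2TP on UDP/1701 with no UDP/500, no UDP/4500 and no IP protocol 50 around it), as an added example that is not part of the thread: a small classifier over raw IPv4 packets that counts those indicators and says whether the L2TP tunnel is actually riding inside IPsec. The packets and the verdict strings are constructed here; the real check would run over a trace taken on the FW's public side.

```python
import struct
from collections import Counter

def ipv4(proto, payload=b""):
    """Minimal IPv4 header (IHL=5, checksum left 0) around a payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 5]), bytes([203, 0, 113, 7]))
    return hdr + payload

def udp(sport, dport, payload=b""):
    """UDP header (checksum left 0) around a payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify(pkt):
    """Map one raw IPv4 packet onto the indicators named in the thread."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == 50:                        # ESP, IP protocol 50
        return "esp"
    if proto == 17 and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        ports = {sport, dport}
        if 500 in ports:
            return "ike"                   # IKE on UDP/500
        if 4500 in ports:
            return "nat-t"                 # IKE/ESP inside UDP/4500 (NAT-T)
        if 1701 in ports:
            return "l2tp-clear"            # L2TP visible outside any IPsec SA
    return "other"

def assess(packets):
    """Count indicators and say whether L2TP is encapsulated in IPsec."""
    counts = Counter(classify(p) for p in packets)
    ipsec = counts["esp"] > 0 or counts["nat-t"] > 0
    if counts["l2tp-clear"] and not ipsec:
        verdict = "L2TP in the clear: no ESP or NAT-T on the wire, IPsec never kicked in"
    elif counts["l2tp-clear"]:
        verdict = "L2TP visible beside IPsec: check whether the FW NAT forwards UDP/1701 too"
    elif ipsec:
        verdict = "only IPsec on the wire: L2TP is encapsulated"
    else:
        verdict = "no L2TP or IPsec traffic seen"
    return counts, verdict

# Constructed sample traces (hypothetical, not captures from the thread).
TRACE_LEAK = [ipv4(17, udp(1701, 1701, b"\xc8\x02\x00\x0c")) for _ in range(3)]
TRACE_OK = [ipv4(17, udp(500, 500, b"\x00" * 28)),
            ipv4(17, udp(4500, 4500, b"\x00" * 4)),
            ipv4(50, b"\x00" * 8)]
```

In Wireshark the same triage is the display filter `udp.port == 1701 || udp.port == 500 || udp.port == 4500 || esp` applied to the public-side capture.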




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe