Wireshark mailing list archives
Re: L2TP-over-IPsec (may be off topic)
From: Kok-Yong Tan <ktan () realityartisans com>
Date: Tue, 14 Sep 2010 16:35:42 -0400
On Sep 14, 2010, at 15:50, Sake Blok wrote:
On 14 sep 2010, at 20:15, Kok-Yong Tan wrote:On Sep 14, 2010, at 13:59, Sake Blok wrote:It seems like the L2TP tunnel just does not trigger the IPsec encapsulation to kick in. What does a network trace say? Only traffic on UDP port 1701, no UDP-500, no ip proto 50 and no UDP port 4500? That would be in sync with the above.This will be the next step but I haven't done that yet.That would get it a little more on-topic too, analysing the packets ;-)What type of L2TP-over-IPsec client and L2TP-over-IPsec server are involved?I'm trying various Macintoshes at OS versions 10.5.8 and 10.6.4 to an Xserve running OS version 10.4.11.If I understand your mails correctly, the FW does *not* terminate the IPsec tunnel, nor the L2TP tunnel within the IPsec tunnel. Both are terminated at the Xserve. In that case, the FW must have a NAT rule to forward incoming IKE+ESP/NAT-T traffic towards Xserve. Could it be that the NAT for IPsec secretly also forwards L2TP? A trace on the public and private side of the FW would really make finding the cause easier :-)
Understood. Will report back when I have gathered the data. Thanks, Sake. -- Reality Artisans, Inc. # Network Wrangling and Delousing P.O. Box 565, Gracie Station # Apple Certified Consultant New York, NY 10028-0019 # Apple Consultants Network member <http://www.realityartisans.com> # Apple Developer Connection member (212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com> ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- L2TP-over-IPsec (may be off topic) Kok-Yong Tan (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Sake Blok (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Kok-Yong Tan (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Sake Blok (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Kok-Yong Tan (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Kok-Yong Tan (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Sake Blok (Sep 14)
- Re: L2TP-over-IPsec (may be off topic) Kok-Yong Tan (Sep 14)