iOS LT2P + dhcp based office mode

[jflemingeds]

This is kind of a shot in the dark, but is anyone using L2TP on iOS? I'm using dhcp for officemode IP allocation and seeing that the MAC address unicasted to the dhcp server inside the dhcp request is basically random. This is causing iOS users to get a new IP every time they connect which is making things difficult with a different application. As a test i put capsule connect (iOS) in a lab replication and noticed its not doing this. What i can't tell is is this the iOS client creating random MACs or is it maybe that the MAC isn't sent in l2tp and checkpoint is generating a random one to deal with this.

Any thoughts?

I've done a debug on vpnd and all VPN modules in the kernel and i'm not seeing the mac address in either request. I'm not sure i'm looking in the right place yet.

[Bob_Zimmerman]

I've used it personally. I was one of the first people in the Dallas TAC with an iPhone. Tried L2TP-over-IPSec with an Edge, found a bug, helped isolate and fix it. That was actually pretty fun. I haven't run it at large scale, though. I wouldn't be surprised if it made up a new virtual MAC every time you connected. Apple is trying pretty hard to limit the ability to track a device between sessions.

I also wouldn't expect to see a MAC address in any of the ordinary VPN debugs. There's probably an L2TP-specific debug which would log things like the client's DHCP request.

Do you have a Mac to test? They use the same VPN client software on macOS and iOS. You could get better client-side information on the full desktop (full of Dtrace goodness!).