CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E


Results 1 to 2 of 2

Thread: iOS LT2P + dhcp based office mode

  1. #1
    Join Date
    Rep Power

    Default iOS LT2P + dhcp based office mode

    This is kind of a shot in the dark, but is anyone using L2TP on iOS? I'm using dhcp for officemode IP allocation and seeing that the MAC address unicasted to the dhcp server inside the dhcp request is basically random. This is causing iOS users to get a new IP every time they connect which is making things difficult with a different application. As a test i put capsule connect (iOS) in a lab replication and noticed its not doing this. What i can't tell is is this the iOS client creating random MACs or is it maybe that the MAC isn't sent in l2tp and checkpoint is generating a random one to deal with this.

    Any thoughts?

    I've done a debug on vpnd and all VPN modules in the kernel and i'm not seeing the mac address in either request. I'm not sure i'm looking in the right place yet.

  2. #2
    Join Date
    DFW, TX
    Rep Power

    Default Re: iOS LT2P + dhcp based office mode

    I've used it personally. I was one of the first people in the Dallas TAC with an iPhone. Tried L2TP-over-IPSec with an Edge, found a bug, helped isolate and fix it. That was actually pretty fun. I haven't run it at large scale, though. I wouldn't be surprised if it made up a new virtual MAC every time you connected. Apple is trying pretty hard to limit the ability to track a device between sessions.

    I also wouldn't expect to see a MAC address in any of the ordinary VPN debugs. There's probably an L2TP-specific debug which would log things like the client's DHCP request.

    Do you have a Mac to test? They use the same VPN client software on macOS and iOS. You could get better client-side information on the full desktop (full of Dtrace goodness!).

Similar Threads

  1. Office Mode with DHCP virutal IP?
    By security4it in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2011-01-19, 08:44
  2. Issue with office mode and DHCP
    By lucid in forum SecureClient/SecuRemote
    Replies: 9
    Last Post: 2010-07-08, 05:34
  3. Office Mode and DHCP
    By Yasushi Kono in forum SecureClient/SecuRemote
    Replies: 5
    Last Post: 2006-12-22, 13:04
  4. DHCP Virtual Address (office mode) ??
    By karimi in forum SecureClient/SecuRemote
    Replies: 2
    Last Post: 2006-09-08, 15:52
  5. SecureClient (NGX)/Office Mode DHCP ip pooling
    By ChrisA in forum SecureClient/SecuRemote
    Replies: 3
    Last Post: 2006-06-08, 10:24


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts