macOS Catalina 10.15.2: traffic not routed through tunnel #715

Closed
mark-turner opened this issue Jan 3, 2020 · 19 comments

@mark-turner

Using the built-in macOS L2TP client with "Send all traffic over VPN connection" enabled, I'm seeing that all traffic still goes through the local network. I even tried using the "Set service order" menu to position the VPN above the hardware interfaces, but it makes no difference.

@nodesocket reported a similar issue in bug #652: macOS Catalina connects but no traffic routing through tunnel -- sha2-truncbug

However, @hwdsl2 replied that the bug was fixed, and my installation includes the fix ("sha2-truncbug=no").

Is anyone else experiencing this, and is there a known workaround? Otherwise I will file a bug with Apple.

P.S. the VPN is working fine with iOS and older Mac clients. It is running on Ubuntu 18.04.3, if that makes any difference.

Thanks!
Mark

@sebmoris

sebmoris commented Jan 6, 2020

On my Catalina, the VPN works fine only with L2TP/IPsec with Cisco XAuth... my VPN users got xxx.xxx.43.xxx IPs and NAT to my global IP. That works fine. But when I connect to the VPN server by L2TP/IPsec without Cisco XAuth... I got addresses from xxx.xxx.42.xxx, and the global IP is an IP from the WAN of the restaurant hotspot ;/. My jump station at home is on Win 10 and connects to the server via L2TP/IPsec without Cisco ... and got a different network IP compared to the IP address on my Mac with Cisco auth ;/

@mark-turner
Author

Hi @sebmoris thanks for your answer. I created a new VPN profile using Cisco IPsec and it seems to work correctly, routing all traffic through the tunnel even though there is no specific option for that in the Apple GUI. Thanks! I wonder if this is an Apple bug or a server configuration issue, since you also had an issue with your Win 10 system.

@bhatti4says

Same here. I tried at first with L2TP/IPsec but it didn't work, but the built-in Cisco IPsec macOS client worked smoothly. It uses the same XAUTH configs to get connected. Frankly, I didn't dig any deeper as it served the purpose the other way. ;) So kudos to the script from my side.

@mark-turner
Author

Hi @hwdsl2 - maybe you should make a note in the documentation about this issue? Step 14 on this page says "make sure the Send all traffic over VPN connection checkbox is checked" but it doesn't work for macOS Catalina. Sounds like it's best to recommend Cisco IPsec instead. https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md
Thanks for making such an excellent script!

@letoams

letoams commented Jan 12, 2020

I heard back from Apple and they cannot reproduce this.
Mark, can you reproduce this on your Mac and capture a sysdiagnose?

@mark-turner
Author

Hi @letoams. Thanks for your help. I deleted the L2TP profile when I switched to IPsec but I will recreate it and try to reproduce the issue, and send you the logs.

I have experienced other strange issues with VPN configs in the network prefs GUI in Catalina, such as profiles not appearing in the Set Service Order window but appearing twice in the VPN menu bar widget. So it seems to me they have a bit of work to do cleaning things up.

@mark-turner mark-turner reopened this Jan 15, 2020
@hwdsl2
Owner

hwdsl2 commented Feb 2, 2020

@mark-turner Any update?

@mark-turner
Author

mark-turner commented Feb 2, 2020 via email

@mark-turner
Author

@hwdsl2 and @letoams - I can't reproduce this issue on a clean install of 10.15.3 on my test system, so I guess there's something wrong with my primary system, which was upgraded from Mojave and previous versions.

Do you have any idea how to fully clean out my networking prefs and reset everything without reinstalling?

@mark-turner
Author

For example, other strange behavior I have observed includes seeing two menu items for a single VPN profile, and showing different connect time on the menu widget vs the System Prefs panel. See screenshots.
apple_vpn_issue_2
apple_vpn_issue_1

@nodesocket

nodesocket commented Feb 14, 2020

@mark-turner I also see the two menu item bug, but my VPN works fine. I think that's a bug in macOS Catalina.

@mark-turner
Author

Thanks @nodesocket. Which VPN profile do you use, Cisco or L2TP?

@nodesocket

@mark-turner Cisco/XAuth.

@mark-turner
Author

mark-turner commented Feb 26, 2020

Closing this as I can no longer reproduce on 10.15.3

@mani2care

We get the following error. We tried to remove and rejoin; still the same.

image

I tried, but no luck; still the same error.

sudo killall racoon
sudo killall mDNSResponder
sudo killall nesessionmanager
sudo launchctl start com.apple.racoon

Please assist me if there is any solution.

@macjonesnz

macjonesnz commented Jun 8, 2020

This worked for me in Catalina 10.15.3:

First: make sure "Send all traffic over VPN" is ticked.

Then.....

VPN Settings > Advanced > TCP/IP > Set IPv6 to Local Link Only.

Now the "What's my IP" website shows the VPN server address, not the local router WAN address.

Note: Seems it may be fixed in Catalina 10.15.5
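
Added example, not part of the original thread or of the setup-ipsec-vpn project: a check that classifies the default routes in `netstat -rn` output per address family, which is what the "What's my IP" test above observes only indirectly. It assumes ppp0 as the L2TP tunnel interface and the Catalina column layout, and the sample table is constructed; that an IPv6 default route on the physical interface is the reason the IPv6 setting helps is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example. Assumptions: input is macOS `netstat -rn` text in the
# Catalina layout (Netif is column 4); the L2TP tunnel interface is ppp0.

# Print the Netif of every default route in one section ("Internet" or
# "Internet6") that is not interface-scoped. On macOS an "I" in the Flags
# column marks a route scoped to one interface (RTF_IFSCOPE); the default
# route without it is the one ordinary traffic follows.
unscoped_defaults() {
    awk -v section="$1:" '
        $1 == "Internet:" || $1 == "Internet6:" { in_sec = ($1 == section); next }
        in_sec && $1 == "default" && $3 !~ /I/ { print $4 }
    '
}

# Read `netstat -rn` text on stdin; $1 is the tunnel interface name.
# Prints one verdict line per address family.
vpn_route_check() {
    tun="$1"
    table=$(cat)
    for fam in Internet Internet6; do
        devs=$(printf '%s\n' "$table" | unscoped_defaults "$fam" | sort -u | tr '\n' ' ')
        devs=${devs% }
        if [ -z "$devs" ]; then
            echo "$fam: no-default"
        elif [ "$devs" = "$tun" ]; then
            echo "$fam: tunneled"
        else
            echo "$fam: BYPASS via $devs"
        fi
    done
}

# Constructed sample, not captured from any machine in this thread:
# IPv4 default is on the tunnel, but an unscoped IPv6 default is still on en0.
SAMPLE_LEAK='Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.42.1       UGSc          ppp0
default            192.168.1.1        UGScI          en0

Internet6:
Destination        Gateway            Flags        Netif Expire
default            fe80::1%en0        UGc            en0
default            fe80::%utun0       UGcI         utun0
'

printf '%s' "$SAMPLE_LEAK" | vpn_route_check ppp0
```

On a Mac, run `netstat -rn | vpn_route_check ppp0` with the VPN connected; any `BYPASS` line names the interface that traffic of that address family leaves through instead of the tunnel.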

@hwdsl2
Owner

hwdsl2 commented Jun 8, 2020

@macjonesnz Thank you for the information.

@lexotero

lexotero commented Jan 5, 2021

@macjonesnz that worked for us too

@mani2care

I have checked that everything is in place,

but sometimes it connects and sometimes I get the error as above.
