Tuesday, 25 March 2014

Problem with built-in VPN client (Cisco IPSec mode)


Hi guys.
I'm able to connect to the Cisco VPN server via the built-in VPN client (I'm using OS X 10.7.2), but traffic doesn't go to the VPN networks.
I have the networks in the routing table, but when I try to ping an IP I get no response.

Here are the outputs from the Mac:

mac-mini:bin sk$ ifconfig
lo0: flags=8049<up,loopback,running,multicast> mtu 16384
options=3<rxcsum,txcsum>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<pointopoint,multicast> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<up,broadcast,smart,running,simplex,multicast> mtu 1500
options=2b<rxcsum,txcsum,vlan_hwtagging,tso4>
ether c4:2c:03:0b:22:db
inet6 fe80::c62c:3ff:fe0b:22db%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (100basetx <full-duplex,flow-control>)
status: active
en1: flags=8863<up,broadcast,smart,running,simplex,multicast> mtu 1500
ether 60:33:4b:01:0c:fb
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<up,broadcast,smart,running,simplex,multicast> mtu 4078
lladdr e8:06:88:ff:fe:c5:34:b4
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<up,broadcast,running,simplex,multicast> mtu 2304
ether 02:33:4b:01:0c:fb
media: autoselect
status: inactive
utun0: flags=8051<up,pointopoint,running,multicast> mtu 1280
inet 10.147.255.20 --> 10.147.255.20 netmask 0xffffff80



mac-mini:bin sk$ netstat -rn
routing tables

internet:
destination gateway flags refs use netif expire
default 192.168.1.1 ugsc 276 0 en0
default utun0 ucsi 0 0 utun0
10 10.147.255.20 ugsc 1 0 utun0
10.147.255.20 10.147.255.20 uh 4 7 utun0

80.253.13.168 192.168.1.1 ughs 0 0 en0
127 127.0.0.1 ucs 0 0 lo0
127.0.0.1 127.0.0.1 uh 13 30374 lo0
169.254 link#4 ucs 0 0 en0
172.16/12 10.147.255.20 ugsc 0 4 utun0
192.168.0/16 10.147.255.20 ugsc 0 11 utun0

192.168.1 link#4 ucs 2 0 en0
192.168.1.1 0:1c:10:a3:f2:f7 uhlwii 277 68 en0 1190
192.168.1.101 127.0.0.1 uhs 0 0 lo0


I can't ping the utun0 IP:

mac-mini:bin sk$ ping 10.147.255.20
ping 10.147.255.20 (10.147.255.20): 56 data bytes
request timeout icmp_seq 0
request timeout icmp_seq 1
request timeout icmp_seq 2
request timeout icmp_seq 3
...

mac-mini:bin sk$ ping 172.16.1.5
ping 172.16.1.5 (172.16.1.5): 56 data bytes
request timeout icmp_seq 0
request timeout icmp_seq 1
request timeout icmp_seq 2
request timeout icmp_seq 3

When I connect to the VPN server from Windows using the Cisco VPN client, it works fine.

What might be the problem?
 

I notice your local subnet (192.168.1.x) conflicts with an entry on the VPN. I'm surprised the VPN provider is tunnelling both the 172.16 and 192.168 networks.

One option, it appears, is to use a 10.x.y.z subnet that doesn't conflict, such as 10.200.1.x.
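
The overlap the reply points out can be checked mechanically. The following is an added example, not part of the original thread: it parses the routing-table rows from the post and reports VPN-pushed routes that overlap a directly connected subnet. The function names are hypothetical, and it assumes that a destination printed without an explicit `/len` has a prefix of 8 bits per printed octet.

```python
import ipaddress

# Routing-table rows copied from the netstat -rn output in the post above.
ROUTES = """\
default 192.168.1.1 ugsc 276 0 en0
default utun0 ucsi 0 0 utun0
10 10.147.255.20 ugsc 1 0 utun0
10.147.255.20 10.147.255.20 uh 4 7 utun0
80.253.13.168 192.168.1.1 ughs 0 0 en0
127 127.0.0.1 ucs 0 0 lo0
169.254 link#4 ucs 0 0 en0
172.16/12 10.147.255.20 ugsc 0 4 utun0
192.168.0/16 10.147.255.20 ugsc 0 11 utun0
192.168.1 link#4 ucs 2 0 en0
"""

def parse_dest(dest):
    """Expand BSD netstat shorthand ('10', '172.16/12', '192.168.1') to a network.
    Assumption: with no explicit /len, the prefix is 8 bits per printed octet."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_routes(text):
    """Yield (network, gateway, flags, netif) for each routing-table row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:
            yield parse_dest(f[0]), f[1], f[2], f[5]

def tunnel_conflicts(text, tunnel_if="utun0"):
    """Return (tunnel_route, local_subnet, local_if) where a route on the tunnel
    overlaps a directly connected subnet (gateway shown as link#N) elsewhere."""
    routes = list(parse_routes(text))
    local = [(n, i) for n, g, _, i in routes
             if g.startswith("link#") and i != tunnel_if]
    # Skip the tunnel's default route (/0) and host routes (/32).
    pushed = [n for n, _, _, i in routes
              if i == tunnel_if and n.prefixlen not in (0, 32)]
    return [(str(p), str(n), i) for p in pushed for n, i in local if p.overlaps(n)]

if __name__ == "__main__":
    for pushed, lan, netif in tunnel_conflicts(ROUTES):
        print(f"VPN route {pushed} overlaps local subnet {lan} on {netif}")
```
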