No WAN traffic when connected on Macs
Posted: Tue Feb 27, 2024 2:19 pm
Hi,
When the VPN connects, local traffic works but there is no WAN traffic. This has been isolated to MacBooks, as the same config profile works with no issues on a Windows machine. The Windows machine can access local resources and the internet just fine.
We are using Sophos XG firewalls for the SSH VPN configuration and OpenVPN as our client. The config on the Sophos side has been verified and, as I said, the OpenVPN config file works fine on a Windows machine. I have tried "redirect-gateway def1" but that did not work. Is there some trick or MacBook setting to allow all traffic to go over the VPN?
client
dev tun
proto tcp
verify-x509-name "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_LAkanLpTr8CTxE5, emailAddress=na@example.com"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo no
;can_save no
;otp no
;run_logon_script no
;auto_connect
verb 3
reneg-sec 0
remote 70.234.239.185 8443 tcp-client
Any help is appreciated. Thank you.