Issues in full tunnel mode on macOS 12.3.1

[alevfx]

Hello,

I've just started having issues when connecting to my OpenVPN server ( running on my Synology NAS) when routing all traffic options. This has worked in the past and I can't really pinpoint when the issues started.

After I connect to my server I can't ping any address by their domain name only by IP, and if I run a traceroute to that same IP, traceroute takes forever to display the different hops ( although the icmp packets take only around 10/15 ms ).
Same if I run a traceroute to one of my remote workstations, it takes around 30 seconds to get a result although the packets took only around 8ms

I can run host and dig command with no problems, but netstat or netstat -r just sits there with no output forever. A netstat -rn shows what I believe to be the correct routing tables:

Code: Select all

Routing tables

Internet:
Destination	Gateway		Flags		Netif Expire
0/1		10.8.0.5	UGScg		utun5       
default		10.10.203.2	UGScg		en0       
...
...
128.0/1		10.8.0.5	UGSc		utun5

Now the really weird thing is, I can browse the internet with Chrome (no safari) which really doesn't make sense to me. Also when I run a traceroute to google.com using an online tool (https://traceroute-online.com/), the first hop is at 172.17.0.1 and it doesn't go through my home router. If I try to connect to 172.17.0.1 in Chrome I'm getting to my Synology DSM login page. Doing a "what's my IP" search in google correctly shows my home WAN address.

I've also tried connecting to my VPN using the split tunnel config and manually adding the following route (which I assume is what the "redirect-gateway def1" option does):

Code: Select all

route add 0/1 10.8.0.5
route add 128.0.0.0 10.8.0.5

But then it's impossible to reach any of my remote IP ( it just suts there with no errors), and a traceroute to google.com goes through the default gateway rather than through the VPN connection.

One thing worth mentioning is that the same openVPN configuration is used on my iPhone, which is connected to the same wifi network and doesn't have any issues ( a traceroute with an Iphone app to google.com shows the expected routes out of my home network).

Thanks

[alevfx]

So it seems it has to do with my current wifi connection since if I connect to the internet using my iPhone as a hotspot everything works as expected.
Is it because of the 10.0.0.0 network ? If so why would this cause issues only on the mac on not on the iPhone?

Thanks

[TinCanTech]

If you think this is due to your VPN then you may want to check your vpn log files and such ..

Unless you prefer the wild stabbing in the dark approach ..

[alevfx]

I've checked my VPN log files (both on the server and client-side) and couldn't see any issue

[TinCanTech]

Must be ok then ..

[alevfx]

Must have been ok I guess, changing the IP pool from 10.8.0.0/24 to 10.66.77.0/24 fixed the issue. No other configuration changes were made to the openVPN server.