Issues in full tunnel mode on macOS 12.3.1
Posted: Mon Apr 11, 2022 8:21 pm
Hello,
I've just started having issues when connecting to my OpenVPN server (running on my Synology NAS) when routing all traffic options. This has worked in the past and I can't really pinpoint when the issues started.
After I connect to my server I can't ping any address by its domain name, only by IP, and if I run a traceroute to that same IP, traceroute takes forever to display the different hops (although the ICMP packets take only around 10/15 ms).
Same if I run a traceroute to one of my remote workstations: it takes around 30 seconds to get a result although the packets took only around 8 ms.
I can run the host and dig commands with no problems, but netstat or netstat -r just sits there with no output forever. A netstat -rn shows what I believe to be the correct routing tables:
Code:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0/1 10.8.0.5 UGScg utun5
default 10.10.203.2 UGScg en0
...
...
128.0/1 10.8.0.5 UGSc utun5
Now the really weird thing is, I can browse the internet with Chrome (not Safari), which really doesn't make sense to me. Also when I run a traceroute to google.com using an online tool (https://traceroute-online.com/), the first hop is at 172.17.0.1 and it doesn't go through my home router. If I try to connect to 172.17.0.1 in Chrome I'm getting to my Synology DSM login page. Doing a "what's my IP" search in Google correctly shows my home WAN address.
I've also tried connecting to my VPN using the split tunnel config and manually adding the following routes (which I assume is what the "redirect-gateway def1" option does):
Code:
route add 0/1 10.8.0.5
route add 128.0.0.0 10.8.0.5
But then it's impossible to reach any of my remote IPs (it just sits there with no errors), and a traceroute to google.com goes through the default gateway rather than through the VPN connection.
One thing worth mentioning is that the same OpenVPN configuration is used on my iPhone, which is connected to the same Wi-Fi network and doesn't have any issues (a traceroute with an iPhone app to google.com shows the expected routes out of my home network).
Thanks
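The two /1 routes in the netstat output above are what redirect-gateway def1 relies on: they are more specific than "default", so they win longest-prefix matching without the original default route being removed. The script below is an added example (not from the post or from OpenVPN) that parses BSD-style netstat -rn output and shows which interface and gateway a given destination would take; the 10.8.0.5 host route and the 10.10.203/24 LAN route in the sample are assumed, the other lines are copied from the post.

```python
import ipaddress

# Constructed sample modelled on the netstat -rn output in the post.
# The 10.8.0.5 host route and the 10.10.203/24 LAN route are assumed, not from the post.
NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
0/1                10.8.0.5           UGScg        utun5
default            10.10.203.2        UGScg        en0
10.8.0.5           10.8.0.6           UH           utun5
10.10.203/24       link#6             UCS          en0
128.0/1            10.8.0.5           UGSc         utun5
"""

def parse_destination(dest):
    """Expand netstat shorthand ('0/1', '128.0/1', '10.10.203/24', 'default',
    bare host address) into an IPv4Network."""
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))        # '128.0' -> '128.0.0.0'
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen or 32}")

def parse_routes(text):
    """Return (network, gateway, flags, netif) tuples from the IPv4 section."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Internet6"):       # stop before the IPv6 table
            break
        if line.startswith("Destination"):
            in_table = True
            continue
        if in_table and line.strip():
            dest, gateway, flags, netif = line.split()[:4]
            routes.append((parse_destination(dest), gateway, flags, netif))
    return routes

def lookup(routes, ip):
    """Longest-prefix match: 0/1 and 128.0/1 beat 'default', a /24 or /32 beats both."""
    addr = ipaddress.IPv4Address(ip)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[3], best[1]                   # (interface, gateway)

def def1_installed(routes):
    """True when both /1 halves of the address space point at the same interface."""
    halves = {str(r[0]): r[3] for r in routes if r[0].prefixlen == 1}
    return "0.0.0.0/1" in halves and halves["0.0.0.0/1"] == halves.get("128.0.0.0/1")

if __name__ == "__main__":
    routes = parse_routes(NETSTAT_RN)
    print("def1 routes present:", def1_installed(routes))
    for ip in ("8.8.8.8", "10.10.203.2", "172.17.0.1", "10.8.0.5"):
        print(ip, "->", lookup(routes, ip))
```

Running it against your own netstat -rn output shows, for example, whether the DNS server your Mac is configured to use is reached via en0 or pushed into utun5.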