[vpn-help] VPN Tunnel connection Established, but cannot ssh.

Matthew Grooms mgrooms at shrew.net
Sun Dec 16 23:04:12 CST 2012


On 12/13/2012 9:52 PM, Kevin VPN wrote:
> On 12/11/2012 11:56 AM, Jinyan Huang wrote:
>> Dear Kevin,
>>
>> I am now using Shrew VPN on mac. The VPN Tunnel connection is
>> Established, but cannot ssh. The log file is in the attachment. Do you
>> have any suggestions? Thank you very much.
>>
>> Shrew version: 2.2.0
>> Mac version: 10.7.5
>>
>
> Hi Jinyan,
>
> I haven't been working with Shrew on Macs recently, so I'm not sure how
> much help I can be.  For instance, I can't even remember if there's a
> Trace Utility for the Mac client. :(
>
> I looked through the iked.log quickly.  All the usual things look ok:
> the VPN client IP address (10.2.2.0/24) does not overlap with the
> protected network (10.10.0.0/16), the policies get installed correctly,
> and the phase2 security association (sa) is established.
>
> Are you able to access the DNS server at 10.10.2.16?
>

Jinyan and Kevin,

DNS is not being configured correctly by the VPN Client. OSX versions
10.6 and later do not rely on the resolv.conf file. Instead they use a
registry-like system that you write information into. Unfortunately it's
not very well documented. In any case, if the tunnel is working, you
should be able to resolve host names to IP addresses using dig or
nslookup (still read resolv.conf), but anything that uses the system
resolver will fail to use the correct name servers. I'm in the process
of adding support for the new resolver configuration.

-Matthew
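
An added diagnostic for the state described in the message above (not part of the original post or of the Shrew client): it compares the name servers found in resolv.conf-format text with those in `scutil --dns` output, the macOS command that prints the system resolver configuration. The sample inputs are constructed, and `classify` and its result labels are hypothetical names.

```shell
#!/bin/sh
# Usage on macOS: sh check_dns.sh 10.10.2.16

# Print name server addresses from resolv.conf-format text on stdin.
resolv_conf_servers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Print name server addresses from `scutil --dns` output on stdin.
# Relevant lines look like:  "  nameserver[0] : 10.10.2.16"
scutil_servers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# classify <vpn_dns_ip> <resolv.conf text> <scutil --dns text>
# Reports where the VPN-assigned name server is actually configured.
classify() {
    vpn_dns=$1
    in_file=no
    in_sys=no
    printf '%s\n' "$2" | resolv_conf_servers | grep -qxF "$vpn_dns" && in_file=yes
    printf '%s\n' "$3" | scutil_servers | grep -qxF "$vpn_dns" && in_sys=yes
    case "$in_file/$in_sys" in
        yes/yes) echo "ok" ;;
        yes/no)  echo "resolv-conf-only" ;;  # dig/nslookup work, system resolver does not
        no/yes)  echo "system-only" ;;
        *)       echo "missing" ;;
    esac
}

# Constructed samples: the VPN name server from the thread is present in
# resolv.conf but absent from the system resolver configuration.
SAMPLE_RESOLV='# constructed sample
nameserver 10.10.2.16'
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)'

# Live check, only where scutil exists and an address was given.
if command -v scutil >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    classify "$1" "$(cat /etc/resolv.conf 2>/dev/null)" "$(scutil --dns)"
fi
```

A result of `resolv-conf-only` matches the symptom in the thread: the tunnel is up and dig or nslookup resolve names, while programs that use the system resolver do not.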