[vpn-help] mac osx, vpn works on wireless, not on wired

Kevin VPN kvpn at live.com
Mon Mar 5 22:23:00 CST 2012


On 03/05/2012 02:43 PM, Gary Schrock wrote:
> Ok, this one is kinda puzzling us.  We've run into a situation using
> the mac build for 2.1.7 where we can connect to our vpn when we're
> connected over wireless, but not when it's connected via a wired
> connection.  We're using the same config file on both pc's and mac's,
> and have had no problems at all with the pc's, and as I said, when
> using a wireless connection it's working fine on the mac.  But we've
> now tried three different mac machines, and all of them work on
> wireless, and not on wired using the same config.
>
> What seems to happen is that we'll get a connection, and to the
> "Tunnel enabled" part, but then either as soon as we try to send
> traffic across, or 15 seconds after we've connected, we get network
> unavailable, and it drops.  On the wired mac, it seems unable to
> establish the phase 2 portion (on all other setups, when we try
> sending traffic across, our juniper firewall logs the phase 2
> connection established).  We get no error messages on the firewall
> side with the wired mac, just never any evidence that it attempts to
> establish the phase 2.  All the logs on the firewall up to that point
> are identical across all our configs.
>
> So, anyone have any thoughts on what we're missing about what's
> different with the wired connection on a Mac?
>

If you suspect phase2 is failing, the iked debug from Shrew can help 
determine that (note that you may have to hunt around to find where 
iked.log is on the Mac):
http://www.shrew.net/support/wiki/BugReportVpnUnix

However, I suspect the problem may be something else and Phase2 is just 
a symptom.  In the iked.log, we'll probably find the phase2 
negotiation packets time out because something is eating the responses 
before they get back to the client.

That said, I've almost no experience with Macs, so I can't really help 
more than that.

BTW, are the IP spaces used by the wired Mac and wireless Mac the same? 
Is one NATted when the other isn't?
