VPN makes Google unavailable

Discussion in 'macOS' started by mainstreetmark, Jul 14, 2006.

  1. mainstreetmark macrumors 68020

    mainstreetmark

    Joined:
    May 7, 2003
    Location:
    Saint Augustine, FL
    #1
    So, when I log in to the VPN, everything works as advertised, but Google becomes unavailable, and likewise all sites with Google ads also become unavailable.

    Safari gives me a "lost network connection" error after 30 secs.

    If I ping google locally, I get the same IP as I get when I ping from the remote server I'm ssh'd into.

    I've flushed DNS cache with 'sudo lookupd -flushcache', still no go.

    Any thoughts?
     
  2. theBB macrumors 68020

    theBB

    Joined:
    Jan 3, 2006
    #2
    When you activate VPN (to your company?), does it force your computer to go through the company's name server for everything? If so, maybe the server on your company's end might have problems, or maybe it is set up that way on purpose.
     
  3. mainstreetmark thread starter macrumors 68020

    #3
    No, nothing like that. When I'm physically there, I can get to Google just fine.
     
  4. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #4
    Are you using the built-in VPN client, or a third party one such as Checkpoint or Cisco?
     
  5. mainstreetmark thread starter macrumors 68020

  6. Sesshi macrumors G3

    Sesshi

    Joined:
    Jun 3, 2006
    Location:
    One Nation Under Gordon
    #6
    Tried a traceroute? Looked up your gateway? It may be that the VPN tunnel may have been set to be the conduit to the Internet, if I'm phrasing that properly, and routing may not be taking place properly. I have similar problems with the Mac VPN client when, on rare occasions, I VPN into the server cluster for specific purposes. In Windows I could untick "use default gateway" and that would be fine, but I can't spot a similar 'easy way out'. Hope you find what the problem is. And if you do, could you let us know?
     
  7. mainstreetmark thread starter macrumors 68020

    #7
    The traceroute gets all the way there and, as expected, takes a different route when in VPN.
     
  8. Queso macrumors G4

    #8
    Whatever you dial into could be set to disallow split tunneling, so that your computer is prevented from talking to anything but the VPN whilst connected. As others have suggested, you should connect, then try to ping www.google.com from Terminal, which will tell you whether the DNS requests your computer sends out are being resolved. If they aren't, then you probably need to manually enter the DNS server in your office into your Mac's Network settings. Another thing that may work in the office is that your internal network's default gateway allows you to talk out to the 'Net, but the dial-in gateway does not. You need to speak to your sys admin.

    EDIT: If the traceroute works, all that it tells us is that ICMP traffic is permitted. Is there a web proxy in the office that you can try routing your web queries through?
     
  9. mainstreetmark thread starter macrumors 68020

    #9
    Yeah, I pinged Google both locally and when ssh'd in to the office computers, and both resolve to the same IP. Neat, huh?
     
  10. mainstreetmark thread starter macrumors 68020

    #10
    So, no one can figure this one out. A Windows machine, logged in as me, seems to work just fine, so the issue appears to be localized to the Mac. :( Tough going, too, since this is a Windows shop.
     
  11. marnen macrumors newbie

    Joined:
    Aug 3, 2006
    #11
    It's a simple enough issue, and it's been addressed many times on this forum and elsewhere. Basically, the problem appears to be that your corporate VPN does not provide access to the Internet as a whole, but rather expects "split routing": traffic to the Internet is routed the way it normally is, while traffic within the VPN goes through the VPN tunnel. Windows XP's VPN client apparently has a simple option to do this. Unfortunately, the same is not true of Mac OS X's VPN client, so you either need to edit your routing files or get another client such as DigiTunnel (excellent but a bit expensive), which supports split routing.
     
  12. mainstreetmark thread starter macrumors 68020

    #12
    Yes, but as far as I could figure out with DigiTunnel, you route all of, say, port 80 in or out of the VPN, but as I'm developing web apps inside the network I need port 80 to be "inside".

    It's just silly that ALL websites work, except for any website remotely related to Google. Even Google Earth and my POP Gmail account fail.
     
  13. marnen macrumors newbie

    #13
    A slight update to my earlier post in this thread. The Mac OS X VPN client now appears to support split routing.
     
  14. marnen macrumors newbie

    #14
    Incorrect. DigiTunnel directs traffic through the VPN or not according to IP address, not port number. For example, 192.168.1.* might go through the VPN, while everything else doesn't.
     
  15. somewhatstunned macrumors member

    Joined:
    Aug 12, 2006
    #15
    marnen, how does it support split routing? I don't see any option. Do I have to manually do this?

    In Linux I can add my ISP's name servers to resolv.conf and that works. The same does not work with OS X.
     
  16. somewhatstunned macrumors member

    #16
    Ah - found it.

    In the InternetConnect.Connect.Options dialog, uncheck "Send all traffic over VPN Connection".

    Now Google and my ISP mail both work while connected to the VPN.
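
The checkbox found above decides whether the default route is handed to the VPN interface (full tunnel) or only the office subnets are (split tunnel). The script below is an added example, not part of the original thread: it classifies `netstat -rn -f inet` output either way and lists the routes bound to the VPN. The interface name patterns, function names and sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -rn -f inet` output on
# stdin. Assumption: VPN interfaces are named ppp*, utun*, ipsec* or tun*.
VPN_IF='^(ppp|utun|ipsec|tun)[0-9]+$'

# List "destination interface" for every route bound to a VPN interface.
vpn_routes() {
    awk -v re="$VPN_IF" 'NF >= 3 {
        for (i = 3; i <= NF; i++) if ($i ~ re) { print $1, $i; break }
    }'
}

# Print full-tunnel, split-tunnel or no-vpn. Assumption: the first "default"
# row is the primary default route; later default rows are ignored.
classify_tunnel() {
    awk -v re="$VPN_IF" '
        NF < 3 { next }
        { ifc = ""; for (i = 3; i <= NF; i++) if ($i ~ re) { ifc = $i; break } }
        $1 == "default" { if (!seen++ && ifc != "") full = 1; next }
        ifc != "" { specific++ }
        END { print (full ? "full-tunnel" : specific ? "split-tunnel" : "no-vpn") }
    '
}

# Constructed sample: "Send all traffic over VPN connection" checked.
sample_full() { cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.8.0.1           UGSc       12        0   ppp0
default            192.168.1.1        UGScI       3        0    en0
10.8.0.1           10.8.0.25          UH         13        0   ppp0
192.168.1          link#4             UCS         2        0    en0
EOF
}

# Constructed sample: box unchecked, only the office subnet uses ppp0.
sample_split() { cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       15        0    en0
10.8               ppp0               USc         1        0   ppp0
10.8.0.1           10.8.0.25          UH          2        0   ppp0
192.168.1          link#4             UCS         2        0    en0
EOF
}

for s in sample_full sample_split; do
    printf '%s: %s\n' "$s" "$($s | classify_tunnel)"
done
```

On a connected Mac, run `netstat -rn -f inet | classify_tunnel` and `netstat -rn -f inet | vpn_routes` in place of the sample tables.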
     
  17. mainstreetmark thread starter macrumors 68020

    #17
    YES!

    That works nicely! So, I guess it knows which stuff needs to be piped through VPN or something? Smart little boxes.
     
