
sergonius

macrumors newbie
Original poster
Jan 13, 2012
Hi guys.
I'm able to connect to a Cisco VPN server via the built-in VPN client (I'm using OS X 10.7.2), but traffic doesn't go to the VPN networks.
I have those networks in routing, but when I'm trying to ping any IP I have no response.

Here are some outputs from my Mac:

Mac-mini:bin sk$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether c4:2c:03:0b:22:db
inet6 fe80::c62c:3ff:fe0b:22db%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (100baseTX <full-duplex,flow-control>)
status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 60:33:4b:01:0c:fb
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr e8:06:88:ff:fe:c5:34:b4
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:33:4b:01:0c:fb
media: autoselect
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 10.147.255.20 --> 10.147.255.20 netmask 0xffffff80



Mac-mini:bin sk$ netstat -rn
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 276 0 en0
default utun0 UCSI 0 0 utun0
10 10.147.255.20 UGSc 1 0 utun0
10.147.255.20 10.147.255.20 UH 4 7 utun0

80.253.13.168 192.168.1.1 UGHS 0 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 13 30374 lo0
169.254 link#4 UCS 0 0 en0
172.16/12 10.147.255.20 UGSc 0 4 utun0
192.168.0/16 10.147.255.20 UGSc 0 11 utun0

192.168.1 link#4 UCS 2 0 en0
192.168.1.1 0:1c:10:a3:f2:f7 UHLWIi 277 68 en0 1190
192.168.1.101 127.0.0.1 UHS 0 0 lo0


But I can't even ping the utun0 IP:

Mac-mini:bin sk$ ping 10.147.255.20
PING 10.147.255.20 (10.147.255.20): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
...

Mac-mini:bin sk$ ping 172.16.1.5
PING 172.16.1.5 (172.16.1.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

When I connect to that VPN server from Windows using the Cisco VPN client, everything works fine.

What might be the problem?
 
I notice that your local subnet (192.168.1.x) conflicts with an entry on the VPN. I'm surprised your VPN provider is tunnelling both 172.16 and 192.168 networks.

Your option, it appears, is to use a 10.x.y.z subnet that doesn't conflict, such as 10.200.1.x.
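The overlap raised in the reply above can be checked directly from the posted routing table. The following is an added example, not part of any post in this thread: it expands the BSD-abbreviated destinations from `netstat -rn`, lists tunnel routes that overlap the local LAN, and resolves the egress interface by longest-prefix match. The function names are illustrative, and the rule for expanding abbreviated destinations is an assumption noted in the code.

```python
import ipaddress

# Subset of the IPv4 rows from the netstat -rn output in the original post.
NETSTAT_RN = """\
default            192.168.1.1        UGSc   276   0   en0
default            utun0              UCSI   0     0   utun0
10                 10.147.255.20      UGSc   1     0   utun0
10.147.255.20      10.147.255.20      UH     4     7   utun0
80.253.13.168      192.168.1.1        UGHS   0     0   en0
127                127.0.0.1          UCS    0     0   lo0
169.254            link#4             UCS    0     0   en0
172.16/12          10.147.255.20      UGSc   0     4   utun0
192.168.0/16       10.147.255.20      UGSc   0     11  utun0
192.168.1          link#4             UCS    2     0   en0
"""

def parse_dest(dest):
    """Expand a BSD-abbreviated destination into an IPv4Network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    # Assumption: with no explicit prefix, the number of octets shown
    # implies the mask (10 -> /8, 169.254 -> /16, 192.168.1 -> /24).
    prefix = int(plen) if plen else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + str(prefix), strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) for each table row."""
    rows = (line.split() for line in text.splitlines())
    return [(parse_dest(f[0]), f[1], f[5]) for f in rows if len(f) >= 6]

def overlaps(routes, local_if, tunnel_if):
    """Pairs of (local, tunnel) networks that overlap; defaults and hosts skipped."""
    def nets(ifname):
        return [n for n, _, i in routes if i == ifname and 0 < n.prefixlen < 32]
    return [(l, t) for l in nets(local_if) for t in nets(tunnel_if) if l.overlaps(t)]

def egress(routes, ip):
    """Interface chosen for ip by longest-prefix match (first wins on ties)."""
    addr = ipaddress.ip_address(ip)
    hits = [(n.prefixlen, i) for n, _, i in routes if addr in n]
    return max(hits, key=lambda h: h[0])[1]

if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    for local, tunnel in overlaps(table, "en0", "utun0"):
        print(f"overlap: {local} (en0) inside {tunnel} (utun0)")
    for ip in ("192.168.1.1", "192.168.2.10", "172.16.1.5"):
        print(ip, "->", egress(table, ip))
```

On the posted table the only overlap is the local 192.168.1.0/24 inside the tunnelled 192.168.0.0/16; the more specific /24 keeps LAN traffic on en0 while every other 192.168.x.y address is sent to utun0.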
 
It's a VPN to my job, so networks like 192.168.0.0/16 and 172.16.0.0/12 are OK.
I removed the "conflicting" route 192.168.0/16 10.147.255.20 UGSc 0 11 utun0 from the routing table by hand, but still can't get traffic to my VPN networks.
 
I'd still try changing the network, or potentially, removing your wireless router and plugging straight into your Internet device and see if it works. If it still doesn't then there's something on the OS that's causing it, like a firewall.
 
It's definitely something with the OS. Under the same conditions the Windows Cisco VPN client works perfectly, but in Mac OS X even the utun0 IP isn't reachable.
I've checked the firewall and it's disabled.
 
If you connect your Mac straight to your Internet device, bypassing the router, then I'd think your subnet conflicting with work is causing the problem.
 
Don't think so, netstat shows that packet counters for utun0 equal 0.

Mac-mini:bin sk$ netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16384 <Link#1> 37412 0 37412 0 0
lo0 16384 localhost fe80:1::1 37412 - 37412 - -
lo0 16384 127 localhost 37412 - 37412 - -
lo0 16384 localhost ::1 37412 - 37412 - -
gif0* 1280 <Link#2> 0 0 0 0 0
stf0* 1280 <Link#3> 0 0 0 0 0
en0 1500 <Link#4> c4:2c:03:0b:22:db 25049 0 23332 0 0
en0 1500 sk fe80:4::c62c:3ff: 25049 - 23332 - -
en0 1500 192.168.1 192.168.1.101 25049 - 23332 - -
en1 1500 <Link#5> 60:33:4b:01:0c:fb 0 0 0 0 0
fw0 4078 <Link#6> e8:06:88:ff:fe:c5:34:b4 0 0 0 0 0
p2p0 2304 <Link#7> 02:33:4b:01:0c:fb 0 0 0 0 0
utun0 1280 <Link#8> 0 0 0 0 0
utun0 1280 10.147.255/25 10.147.255.83 0 - 0 - -
 
Again, try the Mac connected straight to the Internet device (modem) and see if anything changes. I can tell you I've seen many customers have strange issues like this. Different operating systems (and different VPN clients) react differently.
 
I've tried connecting the Mac straight to the Internet, but nothing changed.
Any ideas how to fix the problem?
 
Me too: after the IPsec connection I'm unable to connect to any host in the remote network. It doesn't work in Mountain Lion nor on an iPad with iOS 6.1.3, but works OK on Windows PCs.

Is anyone else suffering from this?
 
Same here. New to this forum; I came here trying to look up an answer to this problem. Exactly the same situation. Works with Windows, direct connection to Internet through various ISPs. Does not work with the native Cisco IPsec client in OS X 10.8.4.

Please let us know if you find a solution to this, thanks!
 
Has anyone had any luck with this yet?

Able to connect to the VPN server but can't ping any servers other than certain IPs, like 192.163.2.*
 