Does Client VPN on MacOS need a fix?

ecce

Hi!

 

I noticed that my VPN to a Meraki MX64 suddenly stopped working. It connected, but I got no traffic through the tunnel. I verified the settings several times, and completely re-configured everything, but the problem remained. This only seems to affect MacOS. On a virtual Windows 10 on the same Macbook, it worked fine. A colleague also had the same problem on his Mac.

 

The problem for me was the ordering of the interfaces in the routing table. MacOS does not use metrics in its routing table; instead there is a (static?) order of interfaces that you can view like this:

 

 ~ networksetup -listnetworkserviceorder
An asterisk (*) denotes that a network service is disabled.
(1) RNDIS/Ethernet Gadget
(Hardware Port: RNDIS/Ethernet Gadget, Device: en7)

(2) Thunderbolt Ethernet
(Hardware Port: Thunderbolt Ethernet, Device: en8)

(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(4) Bluetooth PAN
(Hardware Port: Bluetooth PAN, Device: en6)

(5) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)

(6) Meraki VPN
(Hardware Port: L2TP, Device: )

 
Noticed Meraki at the bottom? That meant the ordinary default route took all traffic, and the default route for the Meraki ppp interface got nothing. So the fix was to change the order:
 
networksetup -ordernetworkservices "Meraki VPN" "RNDIS/Ethernet Gadget" "Thunderbolt Ethernet" Wi-Fi "Bluetooth PAN" "Thunderbolt Bridge"
 
...and voila! All good again!
 
Hope this helps someone, and if this is required on later MacOS releases it should maybe be included in the documentation?
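
Added example, not part of the original post: a shell check that parses the `networksetup -listnetworkserviceorder` output shown above, reports where the VPN service sits, and prints (without running) the reorder command that would put it first. The helper names `list_services`, `service_position` and `reorder_command` are hypothetical, and the embedded sample is the listing quoted in the post with blank lines dropped.

```shell
#!/bin/sh
# Constructed sample: the service order quoted in the post (blank lines dropped).
SAMPLE_ORDER='An asterisk (*) denotes that a network service is disabled.
(1) RNDIS/Ethernet Gadget
(Hardware Port: RNDIS/Ethernet Gadget, Device: en7)
(2) Thunderbolt Ethernet
(Hardware Port: Thunderbolt Ethernet, Device: en8)
(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)
(4) Bluetooth PAN
(Hardware Port: Bluetooth PAN, Device: en6)
(5) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
(6) Meraki VPN
(Hardware Port: L2TP, Device: )'

# Service names in priority order, one per line; "(*)" marks a disabled service.
list_services() {
    sed -nE 's/^\(([0-9]+|\*)\) (.*)$/\2/p'
}

# 1-based position of service $1 in the order read from stdin; status 1 if absent.
service_position() {
    list_services | awk -v want="$1" '
        $0 == want { print NR; found = 1; exit }
        END { exit !found }'
}

# Command that moves service $1 to the top, keeping the others in their current order.
reorder_command() {
    list_services | awk -v vpn="$1" '
        $0 == vpn { found = 1; next }
        { rest = rest " \"" $0 "\"" }
        END { if (!found) exit 1
              print "networksetup -ordernetworkservices \"" vpn "\"" rest }'
}

# Use live output on a Mac, the sample elsewhere. Nothing is changed, only printed.
VPN_NAME="Meraki VPN"   # service name from the post; adjust to yours
if command -v networksetup >/dev/null 2>&1; then
    ORDER=$(networksetup -listnetworkserviceorder)
else
    ORDER=$SAMPLE_ORDER
fi
pos=$(printf '%s\n' "$ORDER" | service_position "$VPN_NAME") || pos="not found"
echo "$VPN_NAME position: $pos"
[ "$pos" = 1 ] || printf '%s\n' "$ORDER" | reorder_command "$VPN_NAME" || true
```

Run against the sample, it reports position 6 and prints the same ordering the post applied by hand, with every service name quoted.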
 