Hi! I noticed that my VPN to a Meraki MX64 suddenly stopped working. It connected, but I got no traffic through the tunnel. I verified the settings several times, and completely re-configured everything, but the problem remained.

This only seems to affect macOS. On a virtual Windows 10 on the same MacBook, it worked fine. A colleague also had the same problem on his Mac.

The problem for me was the ordering of the interfaces in the routing table. macOS does not use metrics in its routing table; instead there is a (static?) order of interfaces that you can view like this:

    ~ networksetup -listnetworkserviceorder
    An asterisk (*) denotes that a network service is disabled.
    (1) RNDIS/Ethernet Gadget
    (Hardware Port: RNDIS/Ethernet Gadget, Device: en7)

    (2) Thunderbolt Ethernet
    (Hardware Port: Thunderbolt Ethernet, Device: en8)

    (3) Wi-Fi
    (Hardware Port: Wi-Fi, Device: en0)

    (4) Bluetooth PAN
    (Hardware Port: Bluetooth PAN, Device: en6)

    (5) Thunderbolt Bridge
    (Hardware Port: Thunderbolt Bridge, Device: bridge0)

    (6) Meraki VPN
    (Hardware Port: L2TP, Device: )

Noticed Meraki at the bottom? That meant the ordinary default route took all traffic, and the default route for the Meraki ppp interface got nothing. So the fix was to change the order:

    networksetup -ordernetworkservices "Meraki VPN" "RNDIS/Ethernet Gadget" "Thunderbolt Ethernet" Wi-Fi "Bluetooth PAN" "Thunderbolt Bridge"

...and voila! All good again!

Hope this helps someone, and if this is required on later macOS releases it should maybe be included in the documentation?
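The reordering described in the post above, as an added example that is not part of the original post: a POSIX shell sketch that parses the networksetup -listnetworkserviceorder listing and builds the -ordernetworkservices command with the VPN service first. The function names are hypothetical, and the embedded sample listing is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example. Sample listing constructed from the output quoted in the post.
sample_listing() {
cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.
(1) RNDIS/Ethernet Gadget
(Hardware Port: RNDIS/Ethernet Gadget, Device: en7)
(2) Thunderbolt Ethernet
(Hardware Port: Thunderbolt Ethernet, Device: en8)
(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)
(4) Bluetooth PAN
(Hardware Port: Bluetooth PAN, Device: en6)
(5) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
(6) Meraki VPN
(Hardware Port: L2TP, Device: )
EOF
}

# Read a listing on stdin and print the service names, one per line.
# Name lines start with "(N) " or, for disabled services, "(*) ";
# "(Hardware Port: ...)" detail lines do not match and are dropped.
list_services() {
  sed -n -E 's/^\(([0-9]+|\*)\) (.*)$/\2/p'
}

# Print the command that moves service $1 to the top and keeps the
# relative order of every other service. Returns 1 if $1 is not listed,
# so a typo in the name never produces a partial reorder command.
vpn_first_command() {
  vpn=$1
  listing=$(list_services)
  printf '%s\n' "$listing" | grep -Fxq -- "$vpn" || return 1
  printf 'networksetup -ordernetworkservices "%s"' "$vpn"
  printf '%s\n' "$listing" | grep -Fxv -- "$vpn" | while IFS= read -r name; do
    printf ' "%s"' "$name"
  done
  printf '\n'
}

# Offline demo on the sample; on a Mac, pipe the real listing in instead:
#   networksetup -listnetworkserviceorder | vpn_first_command "Meraki VPN"
sample_listing | vpn_first_command "Meraki VPN"
```

The command is printed rather than executed so that it can be reviewed before it changes the service order.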
I switched from Mac to Linux recently, and a thing I got stuck on for a while is the easy way to establish L2TP VPN connections from a Mac to a Meraki firewall. On a Mac it is very easy to set up, but on Linux I ran into some trouble getting it working. Now that it does work, I thought I'd share a solution.

Please note that this is a bit static and may break if future Meraki updates change the cipher suite, for example. Of course everything Linux-related is distro-dependent, so this is tested on Debian 10, kernel 4.19, i3wm, since that is what I use. The firewall is a Meraki MX64.

1. Make sure network-manager is handling network connections. Read this.

2. You need the following packages (depending on WM):

    network-manager-l2tp-gnome
    network-manager-strongswan
    network-manager-l2tp
    strongswan-nm

3. Restart network-manager:

    systemctl restart network-manager

4. There is a daemon running called xl2tpd that messes up things. There's info about this on this forum. So:

    sudo systemctl stop xl2tpd
    sudo systemctl disable xl2tpd

5. Create a VPN connection in nm-connection-editor and modify IPSec and PPP properties accordingly:

Cheers!