VPN conflict with Mac's Internet Sharing

0

I typically keep a few IPSec VPN connections open, using IPSecuritas. But when I turn on my Mac's Internet Sharing feature, to share my Ethernet connection over wi-fi, some of these stop working.

It doesn't happen 100% of the time, but it stops working as soon as I turn Internet Sharing on, and starts as soon as I turn it off. I'm testing this by pinging a host that's in the VPN's network, and watching when it becomes unreachable.

The Internet Sharing feature assigns IPs in the 10.0.2.x range. As far as I know, this range isn't being used by IPSecuritas. For example, one host that I can no longer reach is in the 10.13.x.x range.

I'm running OS 10.7.4, connected to the Internet via a cable modem and router. The router, a WRT110, has IPSec Passthrough enabled.

Any suggestions on how I can debug this?

JW.

Posted 2012-06-12T23:44:15.613

Reputation: 76

1 It seems like a desirable security feature for a VPN client, to deny you from giving access to the VPN to other computers without authentication. Since you say it is happening intermittently, it may be buggy or it may be something else. – Bruno9779 – 2012-06-13T01:59:13.840

Do you have the subnets on the two networks? Do they overlap? – Robert – 2012-06-15T16:34:30.817

The subnet of my Internet connection (over Ethernet) is 192.168.1.0/24. For one of the VPN connections that gets interrupted, it's 10.13.144.0/24. For Internet Sharing over wi-fi, I believe it uses 10.0.2.0/24 and 192.168.2.0/24, although I'm not positive about that. So it doesn't seem like they should overlap. – JW. – 2012-06-15T16:49:40.793

Maybe make note of the output of the route command while working and while broken and look for differences. – Robert – 2012-06-15T16:58:16.060

1 It might also have something to do with the order that connections get turned on, because the VPN will be pushing route commands to your machine. Maybe if it's VPN then Internet Sharing, then IS will overwrite the pushed VPN routes. While IS first then VPN would make sure that the VPN routes don't get overwritten. – Robert – 2012-06-15T17:00:46.400

No answers
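The routing-table comparison suggested in the comments, as an added example that is not part of the original thread: it parses two `netstat -rn -f inet` snapshots, lists the routes that appeared or disappeared, and reports which route a VPN host would match in each. Both snapshots are constructed (gateways, interfaces and the host 10.13.144.10 are made up), and the "broken" one only illustrates the lost-route hypothesis from the comments, not a confirmed cause.

```python
import ipaddress

# Constructed snapshots in the style of macOS `netstat -rn -f inet`
# (not captured from the poster's machine; gateways and interfaces are made up).
HEADER = "Destination        Gateway            Flags  Refs  Use  Netif Expire\n"
WORKING = HEADER + """\
default            192.168.1.1        UGSc     20    0    en0
10.13.144/24       192.168.1.1        UGSc      1    0    en0
127                127.0.0.1          UCS       0    0    lo0
192.168.1          link#4             UCS       3    0    en0
"""
BROKEN = HEADER + """\
default            192.168.1.1        UGSc     20    0    en0
10.0.2/24          link#7             UC        1    0    en1
127                127.0.0.1          UCS       0    0    lo0
192.168.1          link#4             UCS       3    0    en0
"""

def parse_dest(dest):
    """Expand netstat's abbreviated destination ("127", "10.0.2/24") to a network."""
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    plen = plen or str(8 * len(octets))  # no prefix shown: 8 bits per octet printed
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)

def parse_routes(text):
    """Map each IPv4 destination network to (gateway, interface)."""
    routes, netif = {}, None
    for fields in (line.split() for line in text.splitlines()):
        if fields[:1] == ["Destination"]:
            netif = fields.index("Netif")  # column position from the header row
        elif netif is not None and len(fields) > netif:
            try:
                routes[parse_dest(fields[0])] = (fields[1], fields[netif])
            except ValueError:
                pass  # not an IPv4 row (e.g. an IPv6 section)
    return routes

def best_route(routes, host):
    """Longest-prefix match: the most specific route covering host, or None."""
    ip = ipaddress.IPv4Address(host)
    matches = [net for net in routes if ip in net]
    return max(matches, key=lambda n: n.prefixlen) if matches else None

def diff_routes(before, after):
    """Return (added, removed) networks between two snapshots."""
    return sorted(set(after) - set(before)), sorted(set(before) - set(after))
```

To use it on real data, save the output of `netstat -rn -f inet` once with Internet Sharing off and once with it on, pass each to `parse_routes`, then call `diff_routes` and `best_route` with an address inside the VPN subnet.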