MacOS OneConnect Can't ping other device after connecting

php
Posts: 2
Joined: 18 Jun 2019, 22:08

Post by php » 18 Jun 2019, 22:15

Hi,
I'm not sure that this is the right place to ask, but I'm having trouble connecting to a Windows server from a Mac with OneConnect.
I got connected after manually adding the cert needed, but I can't ping another device once connected.

From a Windows machine on the same subnet I can RDP to the server with no problem.

I'm not really sure how to proceed.
Any info would be appreciated.

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: MacOS OneConnect Can't ping other device after connecting

Post by Peter » 27 Jun 2019, 10:07

Hello.

I would start by checking the logs in the Firewall and reviewing the IP policies that allow access from the SSL VPN interface to your internal network.

The logs "should" contain some clue as to why the connection does not work.

Also keep in mind that if you have defined the SSL VPN server pool to be in the same IP range as the server you are trying to reach, you must enable "Proxy ARP" on the SSL VPN interface towards the network where the server you are trying to reach is located.

Example:
SSL VPN server pool : 192.168.1.240-192.168.1.250
Windows Server IP : 192.168.1.10
Network size : 192.168.10/24 / 255.255.255.0

In this scenario the Windows server will believe that any connection coming from an IP in its network range belongs to its own network area and will use ARP to locate it. By enabling ProxyARP towards the interface in the Firewall where the Windows server is located, the Firewall will reply to these ARP queries when the server asks for it, and then the connection will work.

It can of course be other reasons, but this is fairly common. If the IP pool is in a completely different range than the server you are trying to reach, ProxyARP is not needed.

Best regards
/Peter
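
The overlap condition described in the reply above can be checked before changing the firewall configuration. This is an added example, not part of the original thread or any Clavister tooling; the function names are hypothetical, and the demo uses the pool, server IP and netmask from the example in the reply.

```python
import ipaddress

def parse_pool(pool):
    """Parse 'first-last' into two IPv4Address objects, validating the order."""
    first_s, last_s = (p.strip() for p in pool.split("-", 1))
    first, last = ipaddress.IPv4Address(first_s), ipaddress.IPv4Address(last_s)
    if last < first:
        raise ValueError(f"pool end {last} is before pool start {first}")
    return first, last

def proxy_arp_check(pool, server_ip, netmask):
    """Report which part of the VPN pool the server treats as on-link.

    The server ARPs directly for any address inside its own network, so
    those pool addresses are reachable only if the firewall answers ARP on
    their behalf (Proxy ARP). Addresses outside it go via the gateway.
    """
    first, last = parse_pool(pool)
    server_net = ipaddress.IPv4Interface(f"{server_ip}/{netmask}").network
    # Clamp the pool to the server's network to find the overlapping range.
    lo = max(first, server_net.network_address)
    hi = min(last, server_net.broadcast_address)
    on_link = list(ipaddress.summarize_address_range(lo, hi)) if lo <= hi else []
    total = int(last) - int(first) + 1
    covered = sum(n.num_addresses for n in on_link)
    return {
        "server_network": str(server_net),
        "on_link_blocks": [str(n) for n in on_link],
        "proxy_arp_needed": covered > 0,
        # True when only some pool addresses fall inside the server network,
        # so only some VPN clients would fail without Proxy ARP.
        "partial_overlap": 0 < covered < total,
    }

if __name__ == "__main__":
    # Values from the example in the reply above.
    result = proxy_arp_check("192.168.1.240-192.168.1.250",
                             "192.168.1.10", "255.255.255.0")
    for key, value in result.items():
        print(f"{key}: {value}")
```

A pool that only partly overlaps the server's network is reported separately, since in that case only clients handed an overlapping address would be affected.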

php
Posts: 2
Joined: 18 Jun 2019, 22:08

Re: MacOS OneConnect Can't ping other device after connecting

Post by php » 05 Jul 2019, 17:05

Thanks very much for that info Peter.
The issue seems to have resolved itself.

Is there a way to enable DNS for OneConnect for different DNS Suffixes?
I saw that how-to on the Shrew client and thought it'd help to get to RDS servers via hostname.

Is there another place where we can find those settings or enable that?

Thanks again,
-Harlan