
MacOS OneConnect Can't ping other device after connecting

Posted: 18 Jun 2019, 22:15
by php
Hi,
I'm not sure that this is the right place to ask, but I'm having trouble connecting to a Windows server from a Mac with OneConnect.
I got connected after manually adding the cert needed, but I can't ping another device once connected.

From a Windows machine on the same subnet I can rdp to the server no problem.

I'm not really sure how to proceed.
Any info would be appreciated.

Re: MacOS OneConnect Can't ping other device after connecting

Posted: 27 Jun 2019, 10:07
by Peter
Hello.

I would start by checking the logs in the Firewall and reviewing the IP policies that allow access from the SSL VPN interface to your internal network.

The logs "should" contain some clue as to why the connection does not work.

Also keep in mind that if you have defined the SSL VPN server pool to be in the same IP range as the server you are trying to reach, you must enable "Proxy ARP" on the SSL VPN interface towards the network where the server you are trying to reach is located.

Example:
SSL VPN server pool : 192.168.1.240-192.168.1.250
Windows Server IP : 192.168.1.10
Network size : 192.168.10/24 / 255.255.255.0

In this scenario the Windows server will believe that any connection coming from an IP in its network range belongs to its own network area and will use ARP to locate it. By enabling ProxyARP towards the interface in the Firewall where the Windows server is located, the Firewall will reply to these ARP queries when the server asks for it and then the connection will work.

It can of course be other reasons, but this is fairly common. If the IP pool is in a completely different range than the server you are trying to reach, ProxyARP is not needed.

Best regards
/Peter
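
Added example, not part of the original posts and not vendor code: a Python check of the condition described in the reply above, deciding from the server's IP and netmask which SSL VPN pool addresses the server treats as on-link (and will therefore ARP for, so Proxy ARP is needed). The function name is hypothetical; the first sample uses the addresses from the reply, the other two pools are constructed.

```python
import ipaddress

def proxy_arp_check(pool_start, pool_end, server_ip, netmask):
    """Return (verdict, first_on_link, last_on_link) as strings.

    The server sends traffic directly (using ARP) to any address inside
    its own network, and via its gateway to everything else. Pool
    addresses inside the server's network never answer ARP themselves,
    because the clients sit behind the VPN tunnel.
    """
    # Derive the server's network from its own IP and netmask.
    net = ipaddress.ip_interface(f"{server_ip}/{netmask}").network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        raise ValueError("pool start is after pool end")

    # Intersect the pool range with the server's network range.
    lo = max(start, net.network_address)
    hi = min(end, net.broadcast_address)
    if lo > hi:
        return ("not needed", None, None)

    on_link = int(hi) - int(lo) + 1
    total = int(end) - int(start) + 1
    verdict = "needed" if on_link == total else "needed (partial overlap)"
    return (verdict, str(lo), str(hi))

if __name__ == "__main__":
    samples = [
        # Values from the reply above.
        ("192.168.1.240", "192.168.1.250", "192.168.1.10", "255.255.255.0"),
        # Constructed: pool in a completely different range.
        ("10.8.0.10", "10.8.0.50", "192.168.1.10", "255.255.255.0"),
        # Constructed: pool straddling the edge of the server's network.
        ("192.168.1.250", "192.168.2.5", "192.168.1.10", "255.255.255.0"),
    ]
    for s in samples:
        print(s[0], "-", s[1], "->", proxy_arp_check(*s))
```
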

Re: MacOS OneConnect Can't ping other device after connecting

Posted: 05 Jul 2019, 17:05
by php
Thanks very much for that info Peter.
The issue seems to have resolved itself.

Is there a way to enable DNS for OneConnect for different DNS Suffixes?
I saw that how-to on the Shrew client and thought it'd help to get to RDS servers via hostname.

Is there another place where we can find those settings or enable that?

Thanks again,
-Harlan