site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=bdQrWeMmowcq4VOgBYSwu2txRLwlmwe7Gf5+kU8DTDA=; b=pjpiSJP2quHfx6gcnX7C6TFzHSL5RBAGfKq94+aSNcdDBNA4nSS31Pl3/ziJWUOWFs iBaO+UzkecIE/ZmHDD21BdVYUkWTowZslHqOlKtkGigsot8izAf6giR15jOiUbkXGued OMUUBZousooQ8GvK9D6TXZgvzvjEYKY8dKSUk= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=M7Wsxe86NHO1X6ZKIxzop6o1RiAUYE2bsRyY8bXWRL/NaIT+YQt4KZq6ZDKfuGttN7 vY8iI+TR4cviwd9WbYto16s4ZVlLbM6i03GwPceD4zo9fwyIxPjPcprJXdTCYmb84XPd 3eupNyGfIs3MSG8H0rM/KloUCenkEseLK/PV8= Hi Brendan, About these specific VPN software. I was under the impression that each VPN client is responsible to create its own tap and/or tun interface when it launches. In the case of pppd, it will create and manage its own ptpp interface (ppp0). $ netstat -rn will give the routing tables. So you might grab that before starting any VPN clients, then comparing it to the routing table after the clients are started to see what changed. My experience using multiple tun/tap based VPN clients has been a bad one. What I found was that each client tried to install its own tun/tap files to the same location (with incompatible version). And generally, having one VPN client installed broke the other one. And/or running multiple clients at the same time created a device conflict. One thing you could answer for me please is what os and version of social vpn you are running? It looks like mac os-x. Which (again) I could not get working. It would really be a help to see someone confirm a working SocialVPN client on Mac. Thanks On Wed, Jun 9, 2010 at 2:06 AM, Brendan Creane <bcreane@gmail.com> wrote:
Hello All,
I have an interface filter that rewrites network traffic associated with physical as well as most virtual network interfaces (e.g. Cisco AnyConnect, OpenVPN's tun/tap, Juniper, etc.).
However for the utun0 network interface created by the Apple VPN client (in Cisco IPSec mode), no traffic is visible to my interface filter driver. The unencrypted traffic is also not visible to tcpdump, so there's something interesting going on in terms of how the Apple IPSec client is tunneling traffic to the remote end. The encrypted (ESP) traffic is visible on en[01], but obviously not the unencrypted traffic.
Interestingly the utun0 interface created by the Cisco AnyConnect client works fine -- my interface filter (and tcpdump) can see the unencrypted traffic associated with their version of utun0. The unencrypted traffic associated with Apple PPTP client is visible as well.
Does anyone have any insight into how the Apple VPN Cisco IPSec client routes unencrypted traffic, and is it possible to see that traffic before it's encrypted? I'm guessing there's a user-mode process or a socket filter that's grabbing the traffic before BPF/interface filters get a chance to inspect the traffic on utun0, but it would be helpful to understand how it's working.
thanks for your assistance, brendan creane _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macnetworkprog/dreamcat4%40gmail.com
This email sent to dreamcat4@gmail.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com