Re: AppleVPN / Cisco IPSec traffic not visible via virtual network interface (utun0)
Re: AppleVPN / Cisco IPSec traffic not visible via virtual network interface (utun0)
- Subject: Re: AppleVPN / Cisco IPSec traffic not visible via virtual network interface (utun0)
- From: Dreamcat Four <email@hidden>
- Date: Wed, 9 Jun 2010 09:05:12 +0100
Hi Brendan,
About these specific VPN software. I was under the impression that
each VPN client is responsible to create its own tap and/or tun
interface when it launches. In the case of pppd, it will create and
manage its own ptpp interface (ppp0).
$ netstat -rn
will give the routing tables. So you might grab that before starting
any VPN clients, then comparing it to the routing table after the
clients are started to see what changed.
My experience using multiple tun/tap based VPN clients has been a bad
one. What I found was that each client tried to install its own
tun/tap files to the same location (with incompatible version). And
generally, having one VPN client installed broke the other one. And/or
running multiple clients at the same time created a device conflict.
One thing you could answer for me please is what os and version of
social vpn you are running? It looks like mac os-x. Which (again) I
could not get working. It would really be a help to see someone
confirm a working SocialVPN client on Mac.
Thanks
On Wed, Jun 9, 2010 at 2:06 AM, Brendan Creane <email@hidden> wrote:
> Hello All,
>
> I have an interface filter that rewrites network traffic associated
> with physical as well as most virtual network interfaces (e.g. Cisco
> AnyConnect, OpenVPN's tun/tap, Juniper, etc.).
>
> However for the utun0 network interface created by the Apple VPN
> client (in Cisco IPSec mode), no traffic is visible to my interface
> filter driver. The unencrypted traffic is also not visible to tcpdump,
> so there's something interesting going on in terms of how the Apple
> IPSec client is tunneling traffic to the remote end. The encrypted
> (ESP) traffic is visible on en[01], but obviously not the unencrypted
> traffic.
>
> Interestingly the utun0 interface created by the Cisco AnyConnect
> client works fine -- my interface filter (and tcpdump) can see the
> unencrypted traffic associated with their version of utun0. The
> unencrypted traffic associated with Apple PPTP client is visible as
> well.
>
> Does anyone have any insight into how the Apple VPN Cisco IPSec client
> routes unencrypted traffic, and is it possible to see that traffic
> before it's encrypted? I'm guessing there's a user-mode process or a
> socket filter that's grabbing the traffic before BPF/interface filters
> get a chance to inspect the traffic on utun0, but it would be helpful
> to understand how it's working.
>
> thanks for your assistance,
> brendan creane
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macnetworkprog mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden