[eduVPN-deploy] eduVPN client routing table behaviour on MacOS

Louis Twomey louis.twomey at heanet.ie
Tue Jul 7 18:35:44 CEST 2020 

Hi,
I am troubleshooting a problem where some of our staff occasionally experience problems when accessing O365 services via our eduVPN servers. They can access Sharepoint, and they can open Sharepoint documents in the browser, but they can’t open the same documents in their local apps - the nature of the error suggests a possible networking issue.

The problem affected two staff members today, at least one of them is using a MacOS 10.15.5 laptop and a recent version of the eduVPN client, v2.1.7 (837). I have not experienced this problem, I have a MacOS 10.15.5 laptop too, but my eduVPN client is v1.2.1.

When looking at the routing table on my laptop, and the affected laptop, they are very different and I wonder whether this is because the newer eduVPN client behaves differently?

My laptop routing table is very short and very “clean", my older eduVPN client adds only 6 routes via the virtual/tunnel interface (for: 0/1,128.0/1, 192.168.0.0/25, 192.168.0.128/25, host route for gateway IP of eduVPN server, eduVPN pool range). By complete contrast, the laptop with the newer eduVPN client has over 30 additional routes and most of them are host routes, here is a snippet of the IPv4 table:

Internet:
Destination        Gateway            Flags        Netif Expire
default            link#18            UCS          utun2       
default            192.168.0.1        UGScI          en0       
1.1.1.1            link#18            UHW3I        utun2      2
1.2.3.4            link#18            UHW3I        utun2      1
8.8.8.8            link#18            UHW3I        utun2      3
13.88.28.53        link#18            UHWIi        utun2       
40.126.1.143       link#18            UHWIi        utun2       

Is it standard behaviour of the newer MacOS eduVPN client to add a “default” route as above, and to add multiple host routes?

Thanks,
Louis
-------
Louis Twomey
Technical Architect
PGP key: C77D9256
HEAnet CLG, Ireland’s National Education and Research Network
1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
+353 (0)1 6609040   louis.twomey at heanet.ie  www.heanet.ie
Registered in Ireland, No. 275301.  CRA No. 20036270

More information about the eduVPN-deploy mailing list