Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Global protect route issue with macbook

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global protect route issue with macbook

L2 Linker

Background information

Where I’m currently living right now in a apartment complex there is a central internet network that I do not have access to these devices(Ubiquity). Lately I’ve been working a lot from home and sometimes I need to connect through VPN to clients networks to provide support. Most of the client’s VPN work fine from home except one. When I try to connect it basically times out. If I use my phone as a hotspot this VPN works perfect without any single issue at all. I tried at several other locations (outside my home network) and it works as expected.

 

The current situation

What I’m using to connect to this VPN is the Mac OS . The VPN Type global protect. So global protect connected properly and it taking ip from ip pool. split tunnel is configured . but issue is internal resources and internet( from google any site ) not accessible. 

 

The problem

We checked in routing table of macbook ,When I try to connect Mac OS Built-in Global Protect VPN client instead of passing the traffic through the  tunnel(utunX) it passes it through the regular WiFi interface(EN0). No matter what I tried it couldn’t get the traffic to pass through the tunnel. I have deleted route all route which was showing in mac routing table but after some time it reflected automatically. With this command we deleted route "sudo route -n delete x.x.x.x "

 

.

 

2 REPLIES 2

Cyber Elite
Cyber Elite

@SurajN,

Sounds like your local IP range configured at your apartment conflicts with the IP range that client is using. When local network resource access is enabled on a split-tunnel configuration that overlaps, you'll see this type of behavior. 

Since you are unlikely to get your apartment complex to make any changes, I would contact the client in question and see if they couldn't possibly give you your own client config to work around the issue. 

L2 Linker

If you're using Zscaler Client Connector, we have seen that application modify the injected routes and point them to the wrong next-hop interface.  Disabling ZCC fixes the issue.  It takes anywhere from 1 second to 2 hours after enabling ZCC before the routes get trashed.

  • 3403 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!