I am troubleshooting dns issues with apple products on our corporate network. We are seeing a problem where windows users can resolve short-name dns just fine but users on apple products can not (Iphone, Ipad, Mac). To start I am troubleshooting with a mac, but I am not seeing any packets go across the VPN when I try to start a wireshark from it..
From the if config command I've gathered via ip that the tunnel is being generated off of the interface "utun1". When I start a packet capture off of that interface I see no packets, I've generated traffic by pinging devices on the corporate network... etc, I am not seeing anything.
Similarly, I have tried generating a packet capture off of the en0 interface, which is the interface my ethernet cord is plugged into. I see plenty of traffic go through, but nothing through the VPN. I can see dns queries come into the DNS server on our corporate network from my computer when I am attached to the vpn, but my local wireshark capture does not see packets going out to the DNS server.
I was wondering if anyone knows exactly how this works on OSX. Is it possible that everything is being encapsulated before it hits en0 or the VPN interface, and thus, no packets are displayed because they are already tunneled?
I am running Mac OSX Lion version 10.7.3
Thanks for your help and time!
asked 30 Mar '12, 09:10
Are you certain of that? Is there also an interface named, for example,
Again, with Apple's VPN software, the VPN traffic will show up as, for example, ESP traffic on the Ethernet or Airport interface, so it'll already be encapsulated. I don't know what other VPN software does, but it's probably similar.
answered 30 Mar '12, 13:10
Guy Harris ♦♦