Closed edgar closed 4 years ago
> … however when I check my public IP address with websites like http://ip4.me/ I'm getting reported the VPN IP address.

First of all, obviously check that 216.115.184.69 (ip4.me) isn't in the address ranges that you're routing via the VPN.

Secondly, what do you mean by "the VPN IP address"? `tunX` adapter? That seems extremely implausible. Your VPN would have to be handing out globally routable IPv4 addresses with no intervening NAT… I've never seen such a thing.

> Also when I visit some websites I got an alert message from the company OpenDNS about the website being blocked. That also happened after I kill OpenConnect (`vpn-down`).

No idea without more details. :man_shrugging:

Are you intending to use OpenDNS as your DNS provider?

> Wondering what I'm missing in my setup.

Does your VPN provide IPv6 connectivity, or only IPv4?
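The first check suggested above (is ip4.me's address inside any range routed via the VPN?) is a longest-prefix-match lookup against the routing table, which is what `netstat -nr -f inet` prints on macOS. The following is an added example, not code from the vpn-slice project or from either poster: it parses a constructed sample of macOS `netstat` output, expands the abbreviated BSD destination notation (`10.1/16`, `127`, `default`), and reports which interface a destination would leave through. The sample routes, the `en0`/`utun1` names and the assumption that tunnel interfaces start with `utun` are all constructed for the example.

```python
import ipaddress

# Constructed sample of macOS `netstat -nr -f inet` output (not a real capture):
# a default route via the LAN interface, a VPN route for 10.1.0.0/16 plus one
# host route via utun1, and the usual loopback and on-link entries.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGScg          en0
10.1/16            10.8.0.1           UGSc         utun1
10.1.200.5         10.8.0.1           UGHS         utun1
127                127.0.0.1          UCS            lo0
192.168.1          link#4             UCS            en0
"""


def expand_destination(dest: str) -> ipaddress.IPv4Network:
    """Convert a BSD-style abbreviated destination to an IPv4Network.

    'default'    -> 0.0.0.0/0
    '10.1/16'    -> 10.1.0.0/16   (explicit prefix, trailing zero octets omitted)
    '127'        -> 127.0.0.0/8   (no prefix: omitted octets are the host part)
    '10.1.200.5' -> 10.1.200.5/32 (all four octets, no prefix: host route)
    """
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if "/" in dest:
        addr, plen_text = dest.split("/", 1)
        plen = int(plen_text)
    else:
        addr, plen = dest, None
    octets = addr.split(".")
    if plen is None:
        plen = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen}", strict=False)


def parse_routes(netstat_output: str):
    """Return (network, gateway, flags, netif) tuples from the IPv4 table."""
    routes = []
    in_table = False
    for line in netstat_output.splitlines():
        if line.startswith("Destination"):
            in_table = True  # header row; data rows follow
            continue
        if not in_table or not line.strip():
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, flags, netif = fields[:4]
        routes.append((expand_destination(dest), gateway, flags, netif))
    return routes


def egress_interface(routes, ip: str):
    """Longest-prefix match: the most specific route containing `ip` wins."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for route in routes:
        net = route[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    return best[3] if best else None


def routed_via_vpn(netstat_output: str, ip: str, vpn_prefix: str = "utun") -> bool:
    """True if `ip` would leave through a tunnel interface (assumed to be named utunN)."""
    netif = egress_interface(parse_routes(netstat_output), ip)
    return netif is not None and netif.startswith(vpn_prefix)


if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT)
    for host in ("216.115.184.69", "10.1.2.3", "10.1.200.5"):
        print(host, "->", egress_interface(table, host))
```

With the sample table, 216.115.184.69 matches only the default route and leaves via `en0`, so a website at that address cannot see a VPN-side source address unless something other than the routing table (a second tunnel client, NAT on the LAN) is rewriting the traffic.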
Hey Dan,

Thanks for the quick response.

ip4.me was not in the address ranges routed via the VPN. ip4.me was reporting the same IP address that it would show if I set the default IPv4 route through the VPN - geolocating my IP address in Seattle (company HQ) - instead of my ISP in NYC.

I noticed (via `netstat -nr -f inet` and `ifconfig -a`) that I had several `utunX` (from `utun0` to `utun8`) network interfaces even after openconnect was killed. I restarted the laptop and now `ifconfig -a` only reports `utun0` to `utun4` and ip4.me is now reporting my ISP in NYC.

About OpenDNS, I noticed that if I visit a website like http://gems.rubydev.ir I got redirected to block.opendns.com, I guess this is done via the Cisco Umbrella Roaming Client - AnyConnect. This behavior is happening to me and a co-worker who is also trying vpn-slice. For folks that have never used vpn-slice, they got this behavior if they are in the VPN (via Cisco AnyConnect) and they don't get redirected to block.opendns.com if they are not in the VPN.

Any suggestions on how I can dig deeper into this?

I also noticed that sometimes when I do ``sudo kill -2 `pgrep openconnect` `` I still got a vpn-slice running and the `utunX` interface still shows in `netstat -nr -f inet`. After doing ``sudo kill -2 `pgrep vpn-slice` `` the `utunX` interface is removed.

Is there a preferred way of killing OpenConnect / vpn-slice? Not sure, but it seems this behavior is related to the use of the `--prevent-idle-timeout` flag.
> ip4.me was not in the address ranges routed via the VPN.

:thinking:

If traffic to ip4.me's IP address (as destination) was not routed via the VPN interface… how could ip4.me possibly be receiving packets with a source IP address that's linked to the VPN?

> I noticed (via `netstat -nr -f inet` and `ifconfig -a`) that I had several `utunX` (from `utun0` to `utun8`) network interfaces even after openconnect was killed. I restarted the laptop and now `ifconfig -a` only reports `utun0` to `utun4` and ip4.me is now reporting my ISP in NYC.

Based on the device and command names you're sharing… I'm guessing you're running macOS or *BSD? Probably macOS?

I do not use macOS myself, and know very little about its networking configuration beyond the baseline of the *BSD network and routing configuration commands.

> About OpenDNS, I noticed that if I visit a website like http://gems.rubydev.ir I got redirected to block.opendns.com, I guess this is done via the Cisco Umbrella Roaming Client - AnyConnect. This behavior is happening to me and a co-worker who is also trying vpn-slice. For folks that have never used vpn-slice, they got this behavior if they are in the VPN (via Cisco AnyConnect) and they don't get redirected to block.opendns.com if they are not in the VPN.

I'm afraid that I don't understand what you're describing at all. It sounds like Cisco AnyConnect may be running in the background and interfering with the system DNS setup in some way. Can you uninstall or disable it?

> I also noticed that sometimes when I do ``sudo kill -2 `pgrep openconnect` `` I still got a vpn-slice running and the `utunX` interface still shows in `netstat -nr -f inet`. After doing ``sudo kill -2 `pgrep vpn-slice` `` the `utunX` interface is removed. Is there a preferred way of killing OpenConnect / vpn-slice? Not sure, but it seems this behavior is related to the use of the `--prevent-idle-timeout` flag.

Yeah, the way the keepalive process works is extremely unsophisticated: it simply runs in a loop, sleeps for a while, and then checks if the parent process is still alive. This interferes with the automated teardown of the tunnel device, as you note.

Better approaches would be:

- The `vpn-slice` parent process could track the keepalive child process's PID itself ("yet another PIDfile") and kill it when it gets `reason=disconnect`.
- `tundev` goes into a DOWN state. Very OS-dependent.

Patches welcome.
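The keepalive behaviour described above (a child that sleeps, then checks whether its parent is still alive, and so outlives the tunnel teardown by up to one sleep interval) and the first suggested fix (the parent records the child's PID and kills it explicitly on disconnect) can be shown side by side. This is an added example, not vpn-slice's own code: the `Keepalive` class, `CHILD_SCRIPT`, `stop_from_pidfile` and the temp-directory pidfile path are hypothetical stand-ins for whatever `--prevent-idle-timeout` actually spawns.

```python
import os
import signal
import subprocess
import sys
import tempfile
from typing import Optional

# The naive keepalive loop: sleep, then check whether the parent is still
# alive. If the parent dies, the child only notices on its next wake-up
# (os.getppid() changes once it has been re-parented), so with a long
# interval it lingers after the tunnel is gone. Run as a separate interpreter.
CHILD_SCRIPT = r"""
import os, sys, time
parent, interval = int(sys.argv[1]), float(sys.argv[2])
while True:
    time.sleep(interval)
    if os.getppid() != parent:   # parent gone: exit, but only now
        sys.exit(0)
    # real keepalive traffic over the tunnel would be sent here
"""


class Keepalive:
    """Parent-side supervisor (hypothetical): remembers the child's PID and
    kills it on disconnect instead of waiting for its next liveness check."""

    def __init__(self, interval: float = 30.0, pidfile: Optional[str] = None):
        self.interval = interval
        # "yet another PIDfile": lets a later invocation find and stop the child
        self.pidfile = pidfile or os.path.join(
            tempfile.gettempdir(), f"keepalive-demo-{os.getpid()}.pid")
        self.proc: Optional[subprocess.Popen] = None

    def start(self) -> int:
        self.proc = subprocess.Popen(
            [sys.executable, "-c", CHILD_SCRIPT, str(os.getpid()), str(self.interval)])
        with open(self.pidfile, "w") as f:
            f.write(str(self.proc.pid))
        return self.proc.pid

    def is_running(self) -> bool:
        return self.proc is not None and self.proc.poll() is None

    def stop(self, timeout: float = 5.0) -> bool:
        """What the parent should do when invoked with reason=disconnect."""
        if self.proc is None:
            return False
        self.proc.terminate()  # SIGTERM now; no need to wait out `interval`
        try:
            self.proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            self.proc.kill()  # SIGKILL fallback if the child ignores SIGTERM
            self.proc.wait()
        try:
            os.unlink(self.pidfile)
        except FileNotFoundError:
            pass
        return self.proc.returncode is not None


def stop_from_pidfile(pidfile: str) -> bool:
    """Recovery path for an orphaned child: read the recorded PID and SIGTERM it.
    Returns False if the pidfile is missing/corrupt or the process is already gone."""
    try:
        with open(pidfile) as f:
            pid = int(f.read().strip())
        os.kill(pid, signal.SIGTERM)
    except (FileNotFoundError, ValueError, ProcessLookupError):
        return False
    os.unlink(pidfile)
    return True


if __name__ == "__main__":
    k = Keepalive(interval=0.5)
    print("started keepalive, pid", k.start())
    print("stopped cleanly:", k.stop())
```

The difference from the naive design is only where the decision to exit is made: the child never has to discover on its own that the parent is gone, so the tunnel device can be torn down immediately, and a leftover pidfile gives a later `vpn-down` something concrete to signal (which is what the manual ``kill -2 `pgrep vpn-slice` `` above was doing by hand).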
Yes, I'm using macOS and it seems it's Cisco AnyConnect/Umbrella who is messing around with the DNS setup.

I'll take a look at the `prevent-idle-timeout` logic and see if I can contribute.

Thanks again Dan!
> it seems it's Cisco AnyConnect/Umbrella who is messing around with the DNS setup.

Looks like you're not the only one with this issue. :eyes: https://www.reddit.com/r/Cisco/comments/i7dmic/umbrella_client_disableenable_without_internet/
Hey there,

First of all, thanks for the amazing work in vpn-slice!

I'm using vpn-slice with OpenConnect, using some shell functions plus a script to supply all the hosts and CIDR ranges to vpn-slice:

and `custom-vpn-slice` has:

When I ran `vpn-split` the traffic is routed properly through the VPN, however when I check my public IP address with websites like http://ip4.me/ I'm getting reported the VPN IP address. And when I kill OpenConnect (`vpn-down`) I'm getting reported the ISP IP (which was what I expected when the VPN was up).

Also when I visit some websites I got an alert message from the company OpenDNS about the website being blocked. That also happened after I kill OpenConnect (`vpn-down`). I checked in another machine using Cisco AnyConnect instead of OpenConnect + vpn-slice and the traffic is not blocked.

Wondering what I'm missing in my setup.