vpn-kill-switch / killswitch

VPN kill switch for macOS
https://vpn-kill-switch.com
BSD 3-Clause "New" or "Revised" License

Blocks all traffic Mac OS X Sierra #19

Closed Marachaun closed 4 years ago

Marachaun commented 5 years ago

I'm kinda new to all this terminal stuff, so I'm not sure how to fix this. When I connect to my VPN using IPVanish the traffic is fine, data in and out. When I use sudo killswitch -e I get the following:

Jeremys-Mac-Pro:~ jeremyfreshour$ sudo killswitch -e
Interface  MAC address        IP
en2        44:d8:84:6d:8a:3f  10.0.0.19/8
utun1                         172.21.28.5

DNS leaking:
Public IP address (DNS): 64.145.93.14
Public IP address (WWW): 64.145.93.66
PEER IP address:         64.145.93.14

--------------------------------------------------------------

Loading rules

--------------------------------------------------------------

No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en2 proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on en2 proto udp from any port 67:68 to any port 67:68 keep state
pass on en2 inet proto tcp from any to 64.145.93.14 flags S/SA keep state
pass on en2 inet proto udp from any to 64.145.93.14 keep state
pass on utun1 all flags S/SA keep state

killswitch enabled

My conf is the default conf that comes with this. I'll post it anyway:

Jeremys-Mac-Pro:~ jeremyfreshour$ sudo pfctl -Fa -f /tmp/killswitch.pf.conf -e
pfctl: Use of -f option, could result in flushing of rules present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
rules cleared
nat cleared
dummynet cleared
0 tables deleted.
1 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
pfctl: pf already enabled

After about 30 seconds the VPN disconnects and I can't connect to the net anymore. I turn off killswitch and it works just fine.

nbari commented 5 years ago

Hi @Marachaun, that's indeed the normal behavior of the killswitch. What is strange is that your VPN goes down after 30 seconds; does this happen also when killswitch is off? If not, try to find the peer IP; check https://vpn-kill-switch.com/post/pf/ and https://vpn-kill-switch.com/img/peerIP.jpg

Then pass the IP:

killswitch -ip X.X.X.X

Marachaun commented 5 years ago

I tried that... it still disconnects. I made sure IPVanish's kill switch is disabled.

When I run sudo killswitch -e and then run ping google.com, it hits the DNS and finds google, but the pings fail.


Marachaun commented 5 years ago

Sorry, no, the VPN stays up all day until I use killswitch.


nbari commented 5 years ago

Did you try adding your endpoint IP as mentioned before?

killswitch -ip X.X.X.X -e

Marachaun commented 5 years ago

Yes, my peer IP is 64.145.93.20. I entered: sudo killswitch -ip 64.145.93.20 -e

30 seconds later the vpn goes down


nbari commented 5 years ago

Probably it is not the real endpoint IP address. By default killswitch tries to find it for you, but in some cases (depending on the setup, multiple VPNs, etc.) it must be specified.

The reason why your VPN goes down is that the killswitch is blocking traffic to the peer IP you used to connect.

After enabling the killswitch you could try to search for the pflog0 interface and debug/check the traffic being blocked:

You need to edit the pf rules in /tmp/killswitch.pf.conf and add this:

set loginterface pflog0

Then:

$ sudo ifconfig pflog0 create

And later:

Load the killswitch rules:

$ sudo pfctl -Fa -f /tmp/killswitch.pf.conf -e

Check what is blocking:

$ sudo tcpdump -n -e -ttt -i pflog0

I haven't tested this on macOS, but give it a try; please update if you find a way to dump/log the pf rules.
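A worked version of the pflog0 procedure above, added here as an example and not part of the killswitch project. One detail the steps do not spell out: in pf, "set loginterface pflog0" only turns on per-interface packet and byte counters (shown by pfctl -s info); a rule's matches are written to pflog0 only when that rule itself carries the "log" keyword. The helper below therefore rewrites a ruleset in the shape of the one printed earlier in this thread so that every block rule is logged, keeping pf's grammar order (block [drop|return] [in|out] [log] [quick] ...). It works on text, so it runs offline; /tmp/killswitch.log.conf is a constructed output path, and the sample ruleset is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the killswitch project: produce a copy of the
# ruleset killswitch writes to /tmp/killswitch.pf.conf whose block rules are
# logged to pflog0. "set loginterface" alone only gathers counters for
# "pfctl -s info"; the "log" keyword on a rule is what feeds pflog0.

# Constructed sample in the shape of the rules shown in this thread.
SAMPLE_RULES='block drop all
block drop out quick inet6 all
pass on en2 inet proto udp from any to 64.145.93.14 keep state
pass on utun1 all flags S/SA keep state'

# add_pf_logging: read a pf ruleset on stdin and print it with
# "set loginterface pflog0" prepended and "log" inserted into every block
# rule at the position pf's grammar expects; pass rules are left untouched.
add_pf_logging() {
    printf 'set loginterface pflog0\n'
    awk '
        $1 == "block" {
            # grammar: block [drop|return] [in|out] [log] [quick] [on iface] ...
            i = 2
            if ($i == "drop" || $i == "return") i++
            if ($i == "in" || $i == "out") i++
            if ($i != "log") {
                line = ""
                for (j = 1; j <= NF; j++) {
                    if (j == i) line = line "log "
                    line = line $j (j < NF ? " " : "")
                }
                if (i > NF) line = line " log"
                $0 = line
            }
        }
        { print }'
}

# count_logged_blocks: number of block rules on stdin that carry "log",
# i.e. rules whose drops will show up in tcpdump on pflog0.
count_logged_blocks() {
    awk '$1 == "block" && / log / { n++ } END { print n + 0 }'
}

# On the Mac, following the steps in the comment above:
#   add_pf_logging < /tmp/killswitch.pf.conf > /tmp/killswitch.log.conf
#   sudo ifconfig pflog0 create
#   sudo pfctl -Fa -f /tmp/killswitch.log.conf -e
#   sudo tcpdump -n -e -ttt -i pflog0
```

Once the logged ruleset is loaded, the tcpdump line in the comment above shows each dropped packet with the rule number that dropped it, which is how you confirm whether the VPN client's own handshake traffic (to the peer IP, on the physical interface) is what is being blocked.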

nbari commented 5 years ago

Hi @Marachaun, did you fix your problem or have any update? If you need help testing something please let me know.

Marachaun commented 5 years ago

I haven’t figured it out. I don’t know enough about terminal commands and manipulating things in the terminal. Right now I'm using the IPVanish kill switch. I’d rather it be at the hardware level but I can’t figure that one out.


nbari commented 5 years ago

One of the main reasons for me to create killswitch was that the IPVanish app crashed and therefore the killswitch (http://vpn-kill-switch.com/about/). (The issue there could be just finding the peer IP.)

At a hardware level, you could try https://www.asuswrt-merlin.net or, even better, pfsense.org; it is more complex but comes with its advantages.

Marachaun commented 5 years ago

Jeremys-Mac-Pro:~ jeremyfreshour$ sudo killswitch -leak -ip 64.145.93.115 -e
Interface  MAC address        IP
en2        44:d8:84:6d:8a:3f  10.0.0.19/8
utun1                         172.21.28.16

DNS leaking:
Public IP address (DNS): 64.145.93.115
Public IP address (WWW): 64.145.93.146
PEER IP address:         64.145.93.115

--------------------------------------------------------------

Loading rules

--------------------------------------------------------------

No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass quick proto tcp from any to any port = 53 flags S/SA keep state
pass quick proto udp from any to any port = 53 keep state
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en2 proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on en2 proto udp from any port 67:68 to any port 67:68 keep state
pass on en2 inet proto icmp all icmp-type echoreq code 0 keep state
pass on en2 inet proto tcp from any to 64.145.93.115 flags S/SA keep state
pass on en2 inet proto udp from any to 64.145.93.115 keep state
pass on utun1 all flags S/SA keep state

killswitch enabled

// VPN Goes Down //

Jeremys-Mac-Pro:~ jeremyfreshour$ sudo killswitch -leak -ip 64.145.93.115 -d
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/" all fragment reassemble
anchor "com.apple/" all

killswitch disabled
Jeremys-Mac-Pro:~ jeremyfreshour$

nbari commented 5 years ago

Hi @Marachaun, just for testing try 64.145.93.146. How are you obtaining the peer IP? Try the one shown in the IPVanish app.

Marachaun commented 5 years ago

IPVanish tells you. Look at the picture, on the right-hand side where it says "connected to".

It still kills the vpn.


nbari commented 5 years ago

Try this with the VPN enabled:

route get 0.0.0.0 2>/dev/null | awk '/interface: / {print $2}';

Then based on the output (probably utun1):

ifconfig <interfacename> 

Check that you are connecting using the OpenVPN protocol (UDP), not IKEv2, and disable the application's kill switch.

Marachaun commented 5 years ago

Jeremys-Mac-Pro:~ jeremyfreshour$ route get 0.0.0.0 2>/dev/null | awk '/interface: / {print $2}';
en2
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig en2
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 44:d8:84:6d:8a:3f
	inet 10.0.0.19 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active


nbari commented 5 years ago

Ok, that doesn't look good. You should have another interface, something like utun1; that interface gets created after creating/enabling the VPN. Check your options/config to use UDP or TCP within the app. Once you get the interface, give it a try again to enable the killswitch with killswitch -e, or by passing the peer IP: killswitch -ip X.X.X.X -e

nbari commented 5 years ago

Hi @Marachaun, normally you get a utunX interface, but it could be that you get an ipsec0 instead, which is fine.

Marachaun commented 5 years ago

I've tested with both UDP and TCP; neither gives a utunX interface. Only en2, which is my wireless.


nbari commented 5 years ago

I think that the VPN is not properly configured, since it should modify your routes to become the default one and send all traffic through it (even before using the killswitch).

If you do an ifconfig -a when the VPN is enabled, you may see the utun1 interface, but for some reason it is not sending full/all traffic through the VPN; that's why when you enable the killswitch it goes down. You could also try having the VPN enabled and then run:

netstat -rna -f inet

The interface of your VPN should be on top. Give it a try reinstalling the app or check the settings; an easy way to check is to run:

route get 0.0.0.0

Until it prints the VPN interface (something other than en1 or en2), the killswitch won't work.

Marachaun commented 5 years ago

Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig en2
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 44:d8:84:6d:8a:3f
	inet 10.0.0.19 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig utun1
ifconfig: interface utun1 does not exist
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig utun0
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::4a3a:b2a1:35e0:480b%utun0 prefixlen 64 scopeid 0x11
	nd6 options=201<PERFORMNUD,DAD>
Jeremys-Mac-Pro:~ jeremyfreshour$


Marachaun commented 5 years ago

Last login: Sat Oct 5 02:03:21 on ttys000
Jeremys-Mac-Pro:~ jeremyfreshour$ route get 0.0.0.0 2>/dev/null | awk '/interface: / {print $2}';
en2
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig en2
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 44:d8:84:6d:8a:3f
	inet 10.0.0.19 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig utun1
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 172.21.22.110 --> 172.21.22.110 netmask 0xfffffe00
Jeremys-Mac-Pro:~ jeremyfreshour$ ifconfig utun0
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::4a3a:b2a1:35e0:480b%utun0 prefixlen 64 scopeid 0x11
	nd6 options=201<PERFORMNUD,DAD>
Jeremys-Mac-Pro:~ jeremyfreshour$


nbari commented 5 years ago

Hi @Marachaun, the problem is that when you enable the VPN its interface should become the default gateway. Check it with:

route get 0.0.0.0

For some reason, in your case it is not doing it; you should see something like:

$ route get 0.0.0.0
   route to: default
destination: default
       mask: default
  interface: ipsec0
      flags: <UP,DONE,CLONING,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1400         0

In this example the interface in use is ipsec0, but it can be utun1 etc.; what it must not be is one of your local interfaces like en1, en2, etc.
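The two checks this thread keeps circling back to, as an added example that is not part of the killswitch project: (1) is the default route on a tunnel interface, as the route get output above requires, and (2) does the loaded ruleset (the pfctl output printed earlier in the thread) actually pass traffic to the peer IP on the physical uplink and pass everything on the tunnel? If (1) fails, killswitch's "block drop all" plus "pass on utunN all" is doing exactly what it was written to do and every non-peer packet on en2 is dropped. The helpers take captured text on stdin so they run offline; the sample route and ruleset texts are constructed for the example (the healthy one copied from the comment above, the failing one shaped like the reporter's en2 case), and the function names are mine.

```shell
#!/bin/sh
# Added diagnostic helpers; they are not part of the killswitch project.
# They parse captured text so they run offline. On the Mac you would pipe
# live output in:   route get 0.0.0.0 | route_verdict
#                   sudo pfctl -sr | peer_allowed en2 <peer ip>

# Constructed sample: the healthy `route get 0.0.0.0` output quoted above.
ROUTE_OK='   route to: default
destination: default
       mask: default
  interface: ipsec0
      flags: <UP,DONE,CLONING,STATIC>'

# Constructed sample: the reporter's situation, default route still on Wi-Fi.
ROUTE_BAD='   route to: default
destination: default
       mask: default
  interface: en2
      flags: <UP,DONE,CLONING,STATIC>'

# Constructed sample ruleset, one rule per line, in the shape of the
# pfctl output shown earlier in the thread (peer 64.145.93.14 on en2).
RULES='block drop all
block drop out quick inet6 all
pass on en2 inet proto tcp from any to 64.145.93.14 flags S/SA keep state
pass on en2 inet proto udp from any to 64.145.93.14 keep state
pass on utun1 all flags S/SA keep state'

# default_iface: print the interface named in `route get` output read on stdin.
default_iface() {
    awk '/^ *interface: / { print $2; exit }'
}

# iface_is_tunnel NAME: succeed when NAME looks like a VPN tunnel (utunN or ipsecN).
iface_is_tunnel() {
    case "$1" in
        utun[0-9]*|ipsec[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# route_verdict: read `route get` output on stdin and print "ok <iface>" when
# the default route is a tunnel, or "leak <iface>" when it is a physical NIC
# (killswitch will then drop everything except traffic to the peer IP).
route_verdict() {
    iface=$(default_iface)
    if [ -z "$iface" ]; then
        echo "unknown"
    elif iface_is_tunnel "$iface"; then
        echo "ok $iface"
    else
        echo "leak $iface"
    fi
}

# peer_allowed UPLINK PEER: succeed when the ruleset on stdin passes both TCP
# and UDP from any to PEER on UPLINK, i.e. the VPN client can still reach its server.
peer_allowed() {
    awk -v up="$1" -v peer="$2" '
        $1 == "pass" && $2 == "on" && $3 == up && index($0, "to " peer " ") > 0 {
            if ($0 ~ /proto tcp/) tcp = 1
            if ($0 ~ /proto udp/) udp = 1
        }
        END { exit !(tcp && udp) }'
}

# tunnel_allowed IFACE: succeed when the ruleset on stdin has "pass on IFACE all".
tunnel_allowed() {
    awk -v t="$1" '
        $1 == "pass" && $2 == "on" && $3 == t && $4 == "all" { found = 1 }
        END { exit !found }'
}
```

A "leak en2" verdict with a ruleset that passes the peer IP is the combination seen in this thread: the rules are fine, the VPN client is simply not owning the default route, so nothing but the handshake survives the block. A "leak" verdict paired with peer_allowed failing means the wrong peer IP was passed with -ip, which is the other case the comments above discuss.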

Marachaun commented 5 years ago

Yes, mine just says en2. But I’ve reinstalled IPVanish twice and tried OpenVPN TCP and UDP.


Marachaun commented 5 years ago

The VPN is working, it is redirecting my IP. For example, I go to whatismyip.com (http://whatismyip.com/) on my phone and I get my public IP. I go to the same site on my Mac and it comes up with a different IP that IPVanish assigned.


nbari commented 5 years ago

Yes, the VPN is working but probably leaking; that's why, when enabling the killswitch or forcing traffic to go only through the VPN, it goes down. They may be using your enX interface to do other checks instead of doing them through the tunnel.

I currently don't have an account with them, but when I tested years ago routes were added; will need to test further.

nbari commented 4 years ago

I am closing this for now, feel free to re-open it if needed.