Mac OSX and SonicWall Mobile Connect
shoe Newbie ✭
in VPN Client
Has anyone got this working to their satisfaction? I can get connected but the LAN is not available. From support I got, "Well, it should be working." Thank you very much. A connection with NetExtender on Windows 10 works just fine. I've digging without success. I'm wondering if there is a OS X setting I've got to change?
This is the setup
SonicWall Mobile Connect for macOS Version 5.0.8. Build: 5046
Model: MacBook Air (13-inch, Early 2015). OS: macOS 10.15.7 (19H1419)
I've been digging through a packet capture and the two logs from Mobile Connect without seeing anything, but that isn't surprising, probably me.
Category: VPN Client
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Is there a software firewall on the Mac?
No, I ensured that the firewall was off.
In a fit of frustration, I set up VPN over L2TP/LPsec too. The exact same issue. I can login but cannot access the LAN. SonicWall Support doesn't seem to have a clue. I can't believe my employer is the only one in the whole SonicWall world that has folks using Mac OS X, darn artise type folks and Microsoft haters (me).
Can you show us your sanitized SSLVPN config and provide more detail on the Sonicwall interface config? I know NetExtender is working but it helps to see.
Can you see the routes to office network when Mobile Connect is connected, in the Mobile Connect monitor tab? Could there be a subnet conflict?
I have several environments using both firewall SSL-VPN and SMA 100 series with macOS Mobile Connect and it works well for the most part, rarely are there any problems with it.
So, from the same ISP (different that our business) I connected with both the Mac and the Windows system. Again, both connect just fine, but the LAN is not available to the Mac (SonicWall Mobile Connect) whereas it is available to the Windows (NetExtender). It seems to me it is a 'routing' issue of some sort, but I have to admit I'm missing it. I've been looking at netstat -rn from each system (attached). I've changed our external IP to 111.222.333.444 and our DNS addresses to DNS-1 & DNS-2. The connected IPs are 172.16.10.5 and 172.16.10.6 for Windows and Mac. I'm having trouble explaining the issue to SonicWall support. They want me to connect the Mac up and then use support.sonicwall.com to share screen, that won't work as I can get anywhere once the Mac is VPN'ed in. We did do a screen share and looked over the TZx70 and the configuration is correct - if they did not miss anything.
SONICADMIN80 did not ask for routes from the devices themselves, but from the 'monitor' tab in Sonicwall MobileConnect and 'routes' tab in NetExtender.
I didn't read that close... As you can see they are both 'TunnelAll' mode. Which is why I grabbed the route output and have been looking a that. I also did a wireshark grab on the Mac this morning. I'm about to put on my hip waders and start going through that.
I don't use tunnel all mode but your routing table looks very similar to mine. Are you able to ping any host on the internal network? I would also do a packet capture if possible on the SonicWall appliance to see if the packets are coming in at all.
Does it work when not using tunnel all mode?
Disregard, I read the comment wrong.
I tried with "Tunnel all mode" turned off.
It works with Windows 10 and NetExtendor, the tunnel is created and the LAN is accessible.
It still does not work with Mac OS/X and SonicWall Mobile Connect. The login works, the tunnel is created, the LAN is not accessible.
This is very frustrating, along with becoming a higher priority as our Director of Development [a Mac user] has returned from maternity leave.
I'm having another fibre line brought in with separate access to the internet so I can test [without having to go a 1/2 mile for WAN access other than our own] so I can be watching all the hardware/software involved in troubleshooting this.
I've had a case open with SonicWall for sometime now without success. Quite frankly, I am concerned with SonicWall support. This is a very small non-profit organization, I'm a full-time volunteer [retired from as systems programmer with z/OS - and of you all know the story - you're a computer person you must know the answer too...] and when I'm gone I was hoping any difficulties could be resolved with a limited knowledge on our end. Years ago I put in a Linux server running IPTables on a Raspberry Pi and had SSLVPN working for both Mac and Windows. I opted to replace that with something GUI based and received many recommendations for SonicWall. At my age and with as many vendors that I've dealt with over the years I should remember, 'Just because it's shiny, doesn't make it better.'
Back to basics. What IP subnet is the Sonicwall LAN using? Are you using the same subnet for SSLVPN, if not what is it? What model and firmware version of the Sonicwall?
Did you ever resolve this issue? I tried this with a Mac user today and am having the same problem.
We have the same issue with one mac user. The other seems to work okay but it's a personal computer and I can't ask to access it. All the windows connections are fine
We have the same issue and also now have a ticket open with support. Did anyone with the problem here ever find a resolution? It's not a user-specific problem but rather an OS-specific one. We are using an SMA appliance fwiw.
Having a similar experience. One Macbook and one mac user. The user connects with Mobile connect 5.0.9 via SSLVPN. They connect for awhile and then get disconnected. The SSLVPN active user show the user connected prior to the disconnect. After the disconnect, the user shows on the active user list and the session time just keeps increasing.
Before we disabled multiple connection from a user the MAC user would keep adding active sessions but they would never close/terminate.
Also is it just me, the 5.0.9 or .8 version of mobile connect does not have a export log file option as I have seen in some knowledge-based articles. Since the user is having issues with the email log function, where am I to find the logs manually??? I tried the app support folder but no sonicwall folder there.
Another troubling thing.....The test Macbook is on sonic mobile connect 5.0.8 but if I go to APP store and do a general update, I am not prompted that the mobile connect update to 5.0.9 is avail. If I search the app store for the software, it does provide an "update" button for the software.......Very strange.
Sonicwall support better get their poop together or were jumping ship.......lately portal case submissions sit in the que "unassigned" for days...... Not happy......they say call but they seemed to have scrubbed all support # from the site.
If you get any positive response from support please let us know here. I cannot get them to respond from beyond the phone tier. They have popped back a couple of random answers about DNS and Macs requiring a different protocol or whatever. It all sounds like nonsense and is in the very least out of context with the detail in my ticket. We are going to have to jump ship, which is unfortunate.
Same issue as OP. Account worked fine on a windows pc. Switching to Macbook had to use Mobile Connect as it's the only option for OSX. Tunnel ok, remote network fine. Local network completely dead.
Would love to know a fix. Have tried mobile hotspot to make sure not a local issue but no change.