Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Mac OSX and SonicWall Mobile Connect

shoeshoe Newbie ✭

Has anyone got this working to their satisfaction? I can get connected but the LAN is not available. From support I got, "Well, it should be working." Thank you very much. A connection with NetExtender on Windows 10 works just fine. I've digging without success. I'm wondering if there is a OS X setting I've got to change?

This is the setup

SonicWall Mobile Connect for macOS Version 5.0.8. Build: 5046

Model: MacBook Air (13-inch, Early 2015). OS: macOS 10.15.7 (19H1419)

I've been digging through a packet capture and the two logs from Mobile Connect without seeing anything, but that isn't surprising, probably me.

Category: VPN Client
Reply

Answers

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Is there a software firewall on the Mac?

  • shoeshoe Newbie ✭

    No, I ensured that the firewall was off.

    In a fit of frustration, I set up VPN over L2TP/LPsec too. The exact same issue. I can login but cannot access the LAN. SonicWall Support doesn't seem to have a clue. I can't believe my employer is the only one in the whole SonicWall world that has folks using Mac OS X, darn artise type folks and Microsoft haters (me).

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Can you show us your sanitized SSLVPN config and provide more detail on the Sonicwall interface config? I know NetExtender is working but it helps to see.

  • SonicAdmin80SonicAdmin80 Enthusiast ✭✭

    Can you see the routes to office network when Mobile Connect is connected, in the Mobile Connect monitor tab? Could there be a subnet conflict?

    I have several environments using both firewall SSL-VPN and SMA 100 series with macOS Mobile Connect and it works well for the most part, rarely are there any problems with it.

  • shoeshoe Newbie ✭

    So, from the same ISP (different that our business) I connected with both the Mac and the Windows system. Again, both connect just fine, but the LAN is not available to the Mac (SonicWall Mobile Connect) whereas it is available to the Windows (NetExtender). It seems to me it is a 'routing' issue of some sort, but I have to admit I'm missing it. I've been looking at netstat -rn from each system (attached). I've changed our external IP to 111.222.333.444 and our DNS addresses to DNS-1 & DNS-2. The connected IPs are 172.16.10.5 and 172.16.10.6 for Windows and Mac. I'm having trouble explaining the issue to SonicWall support. They want me to connect the Mac up and then use support.sonicwall.com to share screen, that won't work as I can get anywhere once the Mac is VPN'ed in. We did do a screen share and looked over the TZx70 and the configuration is correct - if they did not miss anything.



  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    SONICADMIN80 did not ask for routes from the devices themselves, but from the 'monitor' tab in Sonicwall MobileConnect and 'routes' tab in NetExtender.

  • shoeshoe Newbie ✭

    I didn't read that close... As you can see they are both 'TunnelAll' mode. Which is why I grabbed the route output and have been looking a that. I also did a wireshark grab on the Mac this morning. I'm about to put on my hip waders and start going through that.


  • SonicAdmin80SonicAdmin80 Enthusiast ✭✭

    I don't use tunnel all mode but your routing table looks very similar to mine. Are you able to ping any host on the internal network? I would also do a packet capture if possible on the SonicWall appliance to see if the packets are coming in at all.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Does it work when not using tunnel all mode?

  • shoeshoe Newbie ✭

    I tried with "Tunnel all mode" turned off.

    It works with Windows 10 and NetExtendor, the tunnel is created and the LAN is accessible.

    It still does not work with Mac OS/X and SonicWall Mobile Connect. The login works, the tunnel is created, the LAN is not accessible.

    This is very frustrating, along with becoming a higher priority as our Director of Development [a Mac user] has returned from maternity leave.

    I'm having another fibre line brought in with separate access to the internet so I can test [without having to go a 1/2 mile for WAN access other than our own] so I can be watching all the hardware/software involved in troubleshooting this.

    I've had a case open with SonicWall for sometime now without success. Quite frankly, I am concerned with SonicWall support. This is a very small non-profit organization, I'm a full-time volunteer [retired from as systems programmer with z/OS - and of you all know the story - you're a computer person you must know the answer too...] and when I'm gone I was hoping any difficulties could be resolved with a limited knowledge on our end. Years ago I put in a Linux server running IPTables on a Raspberry Pi and had SSLVPN working for both Mac and Windows. I opted to replace that with something GUI based and received many recommendations for SonicWall. At my age and with as many vendors that I've dealt with over the years I should remember, 'Just because it's shiny, doesn't make it better.'

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    Back to basics. What IP subnet is the Sonicwall LAN using? Are you using the same subnet for SSLVPN, if not what is it? What model and firmware version of the Sonicwall?

Sign In or Register to comment.