2014-11-18 15:01:20 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
route: writing to routing socket: File existsadd net 192.168.10.0: gateway 192.168.10.1: File exists
As of OSX Yosemite (and iOS 8.1), Apple has changed the way it resolves *.local domains. According to RFC 6762 the *.local domain is reserved for multicast DNS resolution. In previous version of OSX this RFC wasn't adhered to strictly but that has changed in OSX Yosemite (10.10) which now routes *.local exclusively to mDNSresponder which is primarily used by multicast services like Bonjour. This namespace my VPN was attempting to route had a *.local name root. To reproduce this issue: configure VPN to handle a *.local namespace, establish a VPN connection, run nslookup on a known good *.local name and you will retrieve the correct IP, then try to connect to a known good *.local name via ssh or web browser and you will receive a DNS resolution error.
This change flies in the face of ActiveDirectory which has been using *.local name resolution going on 2 decades. It is perhaps for this enterprise compatibility reason only that Apple provides a work around by enabling the mdnsactivedirectory option in the discoveryutil service. Here is the full thread on apple support.
To enable this option immediately run the following command:
$ sudo discoveryutil mdnsactivedirectory yes |
Hope this helps, this was definitely one of the more obscure issues I've run into.
--
You received this message because you are subscribed to a topic in the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tunnelblick-discuss/Or7fe4ng71w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tunnelblick-dis...@googlegroups.com.
Visit this group at http://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and all its topics, send an email to tunnelblick-discuss+unsub...@googlegroups.com.