Inconsistent Routing


Dolan Murvihill

Jan 19, 2025, 4:08:37 PM
to tunnelblick-discuss
Hi there,

I'm experiencing inconsistent route assignment when connecting to my AWS Client VPN Endpoint with Tunnelblick. I'm on a MacBook Pro running Mac OS 14.5 and Tunnelblick 4.0.1. My Wi-Fi radio is turned off and I am on an Ethernet connection over USB-C. I'm trying to connect to a non-public database server.

- Most of the time, Tunnelblick correctly routes traffic to my database over the 'utun4' interface via gateway 10.0.0.33, the client VPN's default gateway. The connection works as expected:

dolan@Dolans-MacBook-Pro ~ % route get 8.8.8.8 && route get 172.31.56.0
   route to: dns.google
destination: default
       mask: default
    gateway: 10.0.0.1
  interface: en7
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0
   route to: 172.31.56.0
destination: 172.31.0.0
       mask: 255.255.0.0
    gateway: 10.0.0.161
  interface: utun4
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0
dolan@Dolans-MacBook-Pro ~ % ping 8.8.8.8                                        
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=115 time=133.909 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=20.714 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=64.682 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=19.568 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.568/59.718/133.909/46.536 ms
dolan@Dolans-MacBook-Pro ~ % psql -h 172.31.56.0 --username postgres
Password for user postgres:


- Sometimes, Tunnelblick routes the database traffic over the 'en7' interface via gateway 10.0.0.1, my usual default gateway, in which case the database is unreachable for the lifetime of the connection:

dolan@Dolans-MacBook-Pro ~ % route get 8.8.8.8 && route get 172.31.56.0
   route to: dns.google
destination: default
       mask: default
    gateway: 10.0.0.1
  interface: en7
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0
   route to: 172.31.56.0
destination: 172.31.0.0
       mask: 255.255.0.0
    gateway: 10.0.0.1
  interface: en7
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0
dolan@Dolans-MacBook-Pro ~ % psql -h 172.31.56.0 --username postgres -d papertrace
psql: error: connection to server at "172.31.56.0", port 5432 failed: Operation timed out
Is the server running on that host and accepting TCP/IP connections?

I can reproduce the error by disconnecting and re-connecting from the VPN several times until the incorrect route is assigned.

The behavior persists when I check the box labeled "Route all IPv4 traffic through the VPN". The same interface is assigned to all routes -- sometimes 'en7', breaking the route to the Amazon subnet, and sometimes 'utun4', breaking the route to anything else.

I have Tunnelblick logs, a terminal session, and a screen capture. Please advise how to share if needed.
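The check the post performs by eye, as an added example that is not part of the original post or of Tunnelblick: a shell helper that reads `route get` output and flags when the route for the VPN subnet is bound to a non-tunnel interface, so traffic meant for the tunnel leaves over the physical link. The function names `route_field` and `classify_route` are hypothetical, the samples are trimmed from the two outputs in the post, and tunnel interfaces are assumed to be named `utunN` as they are there.

```shell
#!/bin/sh
# Added example: classify `route get` output for a subnet that should use the VPN.
# Assumption: tunnel interfaces are named utunN, as in the post.

# Print the value of one field (e.g. "gateway", "interface") from
# `route get` text supplied on stdin.
route_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); print line; exit
        }'
}

# Read `route get` text on stdin and print "<verdict> <interface> <gateway>".
# Returns 0 for a tunnel route, 1 for a route bound to another interface,
# 2 when no interface line was found.
classify_route() {
    out=$(cat)
    iface=$(printf '%s\n' "$out" | route_field interface)
    gw=$(printf '%s\n' "$out" | route_field gateway)
    case "$iface" in
        utun[0-9]*) echo "tunnel $iface $gw"; return 0 ;;
        "")         echo "unknown - -";       return 2 ;;
        *)          echo "LEAK $iface $gw";   return 1 ;;
    esac
}

# Constructed samples, trimmed from the two `route get 172.31.56.0` outputs above.
GOOD_ROUTE='   route to: 172.31.56.0
destination: 172.31.0.0
       mask: 255.255.0.0
    gateway: 10.0.0.161
  interface: utun4
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>'

BAD_ROUTE='   route to: 172.31.56.0
destination: 172.31.0.0
       mask: 255.255.0.0
    gateway: 10.0.0.1
  interface: en7
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>'

# Demonstration on the embedded samples.
printf '%s\n' "$GOOD_ROUTE" | classify_route || true
printf '%s\n' "$BAD_ROUTE"  | classify_route || true

# Live use on macOS after each connect: route -n get 172.31.56.0 | classify_route
```

Running the live form after every reconnect gives a per-connection record of which attempts bound the subnet route to the physical interface, which can be lined up against the Tunnelblick log timestamps.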