VPN connects but DNS fails in Catalina

Gery · ‎03-21-2020

Hi

In Windows works well, but with MacOS Catalina connects well to the VPN but the DNS doesn't resolves the webpages in the browsers, and the DNS doesnt's responds to ping. The Pulse Secure version is the last 9.1.4 (1761).

I've revised in Windows thought cmd and it reports the same data as in mac os: ip, gateway, dns and ip and dhcp is configured automatically in both systems, but in Mac OS can't browse in internet. If i put the google's ip in the address bar, so can avoid the DNS, webpage loads correctly.

Here i'm connected to the VPN and have external connection to the net:

% ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=54.598 ms

64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=54.505 ms

--- 8.8.8.8 ping statistics ---

2 packets transmitted, 2 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 54.505/54.552/54.598/0.046 ms

The first DNS are the right ones of my VPN's work:

scutil --dns | more

DNS configuration

resolver #1

nameserver[0] : 10.228.103.4

nameserver[1] : 10.228.103.27

flags : Request A records

reach : 0x00000002 (Reachable)

resolver #2

nameserver[0] : 8.8.8.8

nameserver[1] : 8.8.4.4

flags : Supplemental, Request A records

reach : 0x00000002 (Reachable)

order : 101600

Still well connected to the VPN, but the DNS doesn't respond to ping. In Windows the respond well.

% ping 10.228.103.4

PING 10.228.103.4 (10.228.103.4): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

^C

--- 10.228.103.4 ping statistics ---

3 packets transmitted, 0 packets received, 100.0% packet loss

This is my ethernet and the ip address:

iMac ~ % ifconfig

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>

inet 127.0.0.1 netmask 0xff000000

inet6 ::1 prefixlen 128

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

nd6 options=201<PERFORMNUD,DAD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 0c:4d:e9:d4:55:8d

inet6 fe80::145d:a167:bff4:3fe6%en0 prefixlen 64 secured scopeid 0x4

inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255

nd6 options=201<PERFORMNUD,DAD>

media: autoselect (100baseTX <full-duplex,energy-efficient-ethernet>)

status: active

These are the routing tables:

% netstat -nr

Routing tables

Internet:

Destination Gateway Flags Netif Expire

default 192.168.1.1 UGSc en0

10.7.40.71 10.254.27.26 UGHS utun3

10.7.40.72 10.254.27.26 UGHS utun3

10.7.40.73 10.254.27.26 UGHS utun3

10.228.230.250 10.254.27.26 UGHS utun3

10.254.26.252 10.254.27.26 UGHS utun3

10.254.26.253 10.254.27.26 UGHS utun3

10.254.27.26 10.254.27.26 UH utun3

93.191.138.95 10.254.27.26 UGHS utun3

93.191.138.96 10.254.27.26 UGHS utun3

93.191.138.97 10.254.27.26 UGHS utun3

93.191.138.184/29 10.254.27.26 UGSc utun3

93.191.142.138 192.168.1.1 UGHS en0

127 127.0.0.1 UCS lo0

127.0.0.1 127.0.0.1 UH lo0

169.254 link#4 UCS en0 !

192.168.1 link#4 UCS en0 !

192.168.1.1 link#4 UHCS en0 !

192.168.1.1/32 link#4 UCS en0 !

192.168.1.1 34:e8:94:b0:88:5e UHLWIir en0 782

192.168.1.100/32 link#4 UCS en0 !

224.0.0/4 link#4 UmCS en0 !

224.0.0.251 1:0:5e:0:0:fb UHmLWI en0

255.255.255.255/32 link#4 UCS en0 !

Any help would be aprecciated. Thank you !!

[email protected] · ‎03-22-2020

Routing table shows no route for the Internal DNS servers 10.228.103.4 & 10.228.103.27, which implies that the DNS servers may not included in the split tunneling routes.

Please add the DNS servers IP under the VPN tuneling split tunneling policies and access control and check the behaviour.

Pulse Connect Secure Certified Expert

identityaws · ‎03-23-2020

Do DNS servers need to be explictly added to split tunnel rules and ACL? This does not sound usual.

Is this a temp work around for some bug that Pulse is working on or is this permanent?

Gery · ‎03-23-2020

If I have to add the DNS servers IP under the VPN tuneling split tunneling policies and access control i'm not the system admin, i suposse that i have to tell him, as i can't change this from the client side.

I don't understand that in windows 10 it works well, and there is no DNS servers in the routing table.

This is the windows 10 routing table:

===========================================================================
ILista de interfaces
14...02 05 85 7f eb 80 ......Juniper Networks Virtual Adapter
11...08 00 27 b6 5e 2f ......Adaptador de escritorio Intel(R) PRO/1000 MT
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft
16...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #3
===========================================================================

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red M scara de red Puerta de enlace Interfaz M‚trica
0.0.0.0 0.0.0.0 10.0.2.2 10.0.2.15 10
10.0.2.0 255.255.255.0 En v¡nculo 10.0.2.15 266
10.0.2.15 255.255.255.255 En v¡nculo 10.0.2.15 266
10.0.2.255 255.255.255.255 En v¡nculo 10.0.2.15 266
10.7.40.71 255.255.255.255 En v¡nculo 10.254.27.27 1
10.7.40.72 255.255.255.255 En v¡nculo 10.254.27.27 1
10.7.40.73 255.255.255.255 En v¡nculo 10.254.27.27 1
10.228.230.250 255.255.255.255 En v¡nculo 10.254.27.27 1
10.254.26.252 255.255.255.255 En v¡nculo 10.254.27.27 1
10.254.26.253 255.255.255.255 En v¡nculo 10.254.27.27 1
10.254.27.27 255.255.255.255 En v¡nculo 10.254.27.27 256
93.191.138.95 255.255.255.255 En v¡nculo 10.254.27.27 1
93.191.138.96 255.255.255.255 En v¡nculo 10.254.27.27 1
93.191.138.97 255.255.255.255 En v¡nculo 10.254.27.27 1
93.191.138.184 255.255.255.248 En v¡nculo 10.254.27.27 1
93.191.142.138 255.255.255.255 10.0.2.2 10.0.2.15 10
127.0.0.0 255.0.0.0 En v¡nculo 127.0.0.1 306
127.0.0.1 255.255.255.255 En v¡nculo 127.0.0.1 306
127.255.255.255 255.255.255.255 En v¡nculo 127.0.0.1 306
224.0.0.0 240.0.0.0 En v¡nculo 127.0.0.1 306
224.0.0.0 240.0.0.0 En v¡nculo 10.0.2.15 266
224.0.0.0 240.0.0.0 En v¡nculo 10.254.27.27 256
255.255.255.255 255.255.255.255 En v¡nculo 127.0.0.1 306
255.255.255.255 255.255.255.255 En v¡nculo 10.0.2.15 266
255.255.255.255 255.255.255.255 En v¡nculo 10.254.27.27 256
===========================================================================
Rutas persistentes:
Ninguno

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
Cuando destino de red m‚trica Puerta de enlace
1 306 ::1/128 En v¡nculo
11 266 fe80::/64 En v¡nculo
14 261 fe80::/64 En v¡nculo
11 266 fe80::3d29:9aec:ef2e:7c9a/128
En v¡nculo
14 261 fe80::e0b7:df9c:7d80:a73d/128
En v¡nculo
1 306 ff00::/8 En v¡nculo
11 266 ff00::/8 En v¡nculo
14 261 ff00::/8 En v¡nculo
===========================================================================
Rutas persistentes:
Ninguno

[email protected] · ‎03-25-2020

@identityaws: That's the expected setting to be applied on the VPN server. DNS servers has to be added to the ST rules, however implicit ACLs can be enabled by selected the "Allow allow DNS settings" under the connection profiles.

Pulse Connect Secure Certified Expert

[email protected] · ‎03-25-2020

@Gery : Based on the routing table, it seems that the tunnel mode is Split tunnel with the bunch of allow rules, so are you able to access both Internet and Intranet sites using FQDN from Windows but not on macOS?

Pulse Connect Secure Certified Expert

Gery · ‎03-29-2020

Hi Ray

Using FQDN with those rules I'm able to acces both Internet and Intranet in Windows, but in macOS I only access the Intranet, can't access the Internet by the DNS resolution problem.

I've donde many tests but i can't found a solution. If I install a windows virtual machine in MacOS, to experiment with another Windows and it works well too.

My main computer is an iMac, and I would like to solve this problem, because I have to use two computer now to work at home.

[email protected] · ‎03-30-2020

Can you capture the packets on both physical and virtual interface and confirm how the DNS packets are being sent or are you receiving the DNS response for the DNS queries which are being sent out from the macOS workstations?

Pulse Connect Secure Certified Expert

Gery · ‎04-02-2020

I've the logs in the Whireshark's format. Following the rules to not post links with the logs, i put some extract from them. I loaded in every try a wepage in the browser http//www.elpais.com.

I don't know if my enterprise has some GPO's to browse internet, and only can be applied to Windows machines, can be a problem with the FQDN (i've put the hostname as in windows, but I think MacOS could be adding .local behind the hostname) or where is the problem.

Logs Windows Physical Interface

No. Time Source Destination Protocol Length Info

19 2.710435 192.168.1.104 93.191.142.138 TLSv1.2 147 Application Data

20 2.778436 192.168.1.104 192.168.1.1 DNS 74 Standard query 0x187a A www.elpais.com

21 2.782051 192.168.1.104 192.168.1.1 TCP 66 50006 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

22 2.782787 192.168.1.1 192.168.1.104 TCP 60 80 → 50006 [SYN, ACK] Seq=0 Ack=1 Win=2800 Len=0 MSS=1400

23 2.782837 192.168.1.104 192.168.1.1 TCP 54 50006 → 80 [ACK] Seq=1 Ack=1 Win=64400 Len=0

24 2.787378 93.191.142.138 192.168.1.104 TCP 60 443 → 49934 [ACK] Seq=1 Ack=373 Win=10720 Len=0

25 2.812304 192.168.1.104 192.168.1.1 TCP 358 50006 → 80 [PSH, ACK] Seq=1 Ack=1 Win=64400 Len=304 [TCP segment of a reassembled PDU]

26 2.812353 192.168.1.104 192.168.1.1 HTTP/XML 367 POST /UD/?5 HTTP/1.1

27 2.812992 192.168.1.1 192.168.1.104 TCP 60 80 → 50006 [ACK] Seq=1 Ack=305 Win=2496 Len=0

28 2.813021 192.168.1.1 192.168.1.104 TCP 60 80 → 50006 [ACK] Seq=1 Ack=618 Win=2183 Len=0

29 2.813865 192.168.1.1 192.168.1.104 TCP 239 80 → 50006 [PSH, ACK] Seq=1 Ack=618 Win=2800 Len=185 [TCP segment of a reassembled PDU]

30 2.833762 192.168.1.1 192.168.1.104 DNS 291 Standard query response 0x187a A www.elpais.com CNAME elpais-as.com.edgekey.net CNAME e11934.b.akamaiedge.net A 2.16.108.67 A 2.16.108.50 A 2.16.108.66 A 2.16.108.72 A 2.16.108.51 A 2.16.108.64 A 2.16.108.48 A 2.16.108.43 A 2.16.108.49

31 2.837642 192.168.1.104 2.16.108.67 TCP 66 50007 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

32 2.838757 192.168.1.104 2.16.108.67 TCP 66 50008 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

33 2.891434 2.16.108.67 192.168.1.104 TCP 66 80 → 50007 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1400 SACK_PERM=1 WS=128

34 2.891496 192.168.1.104 2.16.108.67 TCP 54 50007 → 80 [ACK] Seq=1 Ack=1 Win=65792 Len=0

35 2.892776 2.16.108.67 192.168.1.104 TCP 66 80 → 50008 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1400 SACK_PERM=1 WS=128

36 2.892809 192.168.1.104 2.16.108.67 TCP 54 50008 → 80 [ACK] Seq=1 Ack=1 Win=65792 Len=0

37 2.901837 192.168.1.104 2.16.108.67 TCP 66 50009 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

38 2.910615 192.168.1.104 192.168.1.255 NBNS 92 Name query NB ISATAP<00>

39 2.951523 192.168.1.104 2.16.108.67 HTTP 463 GET / HTTP/1.1

40 2.955487 2.16.108.67 192.168.1.104 TCP 66 80 → 50009 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1400 SACK_PERM=1 WS=128

41 2.955538 192.168.1.104 2.16.108.67 TCP 54 50009 → 80 [ACK] Seq=1 Ack=1 Win=65792 Len=0

42 3.009908 2.16.108.67 192.168.1.104 TCP 60 80 → 50007 [ACK] Seq=1 Ack=410 Win=30336 Len=0

43 3.011299 2.16.108.67 192.168.1.104 HTTP 413 HTTP/1.1 301 Moved Permanently

44 3.065280 192.168.1.104 192.168.1.1 TCP 54 50006 → 80 [ACK] Seq=618 Ack=186 Win=64215 Len=0

45 3.066041 192.168.1.1 192.168.1.104 HTTP/XML 479 HTTP/1.1 200 OK

46 3.066135 192.168.1.104 192.168.1.1 TCP 54 50006 → 80 [FIN, ACK] Seq=618 Ack=611 Win=63790 Len=0

47 3.066636 192.168.1.1 192.168.1.104 TCP 60 80 → 50006 [ACK] Seq=611 Ack=619 Win=2800 Len=0

48 3.067241 192.168.1.1 192.168.1.104 TCP 60 80 → 50006 [FIN, ACK] Seq=611 Ack=619 Win=2800 Len=0

49 3.067265 192.168.1.104 192.168.1.1 TCP 54 50006 → 80 [ACK] Seq=619 Ack=612 Win=63790 Len=0

50 3.251455 192.168.1.104 2.16.108.67 TCP 66 50010 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

51 3.265202 192.168.1.104 2.16.108.67 TCP 54 50007 → 80 [ACK] Seq=410 Ack=360 Win=65280 Len=0

52 3.305193 2.16.108.67 192.168.1.104 TCP 66 443 → 50010 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1400 SACK_PERM=1 WS=128

53 3.305258 192.168.1.104 2.16.108.67 TCP 54 50010 → 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0

54 3.334438 192.168.1.104 2.16.108.67 TLSv1.2 571 Client Hello

55 3.394535 2.16.108.67 192.168.1.104 TCP 60 443 → 50010 [ACK] Seq=1 Ack=518 Win=30336 Len=0

56 3.397886 2.16.108.67 192.168.1.104 TLSv1.2 1454 Server Hello

57 3.399577 2.16.108.67 192.168.1.104 TCP 1454 443 → 50010 [ACK] Seq=1401 Ack=518 Win=30336 Len=1400 [TCP segment of a reassembled PDU]

58 3.399606 192.168.1.104 2.16.108.67 TCP 54 50010 → 443 [ACK] Seq=518 Ack=2801 Win=65792 Len=0

59 3.401028 2.16.108.67 192.168.1.104 TLSv1.2 1112 Certificate, Certificate Status, Server Key Exchange, Server Hello Done

60 3.520384 192.168.1.104 2.16.108.67 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

61 3.522384 192.168.1.104 2.16.108.67 TLSv1.2 153 Application Data

62 3.523611 192.168.1.104 2.16.108.67 TLSv1.2 403 Application Data

63 3.575685 2.16.108.67 192.168.1.104 TLSv1.2 312 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message

64 3.580512 2.16.108.67 192.168.1.104 TLSv1.2 131 Application Data

65 3.580558 192.168.1.104 2.16.108.67 TCP 54 50010 → 443 [ACK] Seq=1092 Ack=4194 Win=64256 Len=0

66 3.584735 2.16.108.67 192.168.1.104 TLSv1.2 428 Application Data

67 3.623087 192.168.1.104 2.16.108.67 TLSv1.2 92 Application Data

Logs Windows Virtual Interface

No. Time Source Destination Protocol Length Info

1 0.000000 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

2 0.000034 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

3 1.008679 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

4 1.008710 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

5 2.008749 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

6 2.008777 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

7 3.009187 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

8 3.009225 10.254.27.14 239.255.255.250 SSDP 216 M-SEARCH * HTTP/1.1

Gery · ‎04-02-2020

MacOS Physical Interface

No. Time Source Destination Protocol Length Info

155 27.127298 93.191.142.138 192.168.1.100 TCP 60 [TCP ACKed unseen segment] 443 → 51531 [ACK] Seq=1 Ack=2 Win=10720 Len=0

156 29.085737 192.168.1.104 192.168.1.255 BROWSER 243 Local Master Announcement X18040SA-PC, Workstation, Server, NT Workstation, Potential Browser, Master Browser

157 29.085750 192.168.1.104 192.168.1.255 BROWSER 243 Local Master Announcement X18040SA-PC, Workstation, Server, NT Workstation, Potential Browser, Master Browser

158 29.117038 192.168.1.100 192.168.1.1 DNS 83 Standard query 0xb550 A X18040SA-PC.iecisa.corp

159 29.174222 192.168.1.1 192.168.1.100 DNS 158 Standard query response 0xb550 No such name A X18040SA-PC.iecisa.corp SOA a.root-servers.net

160 29.174816 192.168.1.100 10.228.103.4 DNS 71 Standard query 0x6b90 A X18040SA-PC

161 30.177950 192.168.1.100 10.228.103.4 DNS 71 Standard query 0x6b90 A X18040SA-PC

162 30.282727 93.191.138.96 192.168.1.100 TLSv1.2 135 Application Data

163 30.282874 192.168.1.100 93.191.138.96 TCP 66 50969 → 443 [ACK] Seq=1 Ack=277 Win=2165 Len=0 TSval=770331536 TSecr=1905758438

164 30.974901 74.125.206.189 192.168.1.100 UDP 553 443 → 58848 Len=511

165 30.986593 173.194.76.189 192.168.1.100 UDP 554 443 → 52038 Len=512

166 30.996902 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

167 31.008365 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

168 31.163587 192.168.1.100 108.177.15.189 UDP 65 50930 → 443 Len=23

169 31.254451 108.177.15.189 192.168.1.100 UDP 64 443 → 50930 Len=22

170 31.395919 74.125.206.189 192.168.1.100 UDP 778 443 → 58848 Len=736

171 31.417606 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

172 31.751944 192.168.1.100 93.191.138.97 TCP 176 50972 → 8080 [PSH, ACK] Seq=331 Ack=586 Win=2048 Len=110 TSval=770333005 TSecr=1097590493

173 31.809052 93.191.138.97 192.168.1.100 TCP 261 8080 → 50972 [PSH, ACK] Seq=586 Ack=441 Win=255 Len=195 TSval=1097600493 TSecr=770333005

174 31.809133 192.168.1.100 93.191.138.97 TCP 66 50972 → 8080 [ACK] Seq=441 Ack=781 Win=2044 Len=0 TSval=770333062 TSecr=1097600493

175 32.022546 74.125.206.189 192.168.1.100 UDP 762 443 → 58848 Len=720

176 32.044675 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

177 32.124740 173.194.76.189 192.168.1.100 UDP 763 443 → 52038 Len=721

178 32.145683 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

179 32.179830 192.168.1.100 10.228.103.27 DNS 71 Standard query 0x6b90 A X18040SA-PC

180 32.309976 74.125.206.189 192.168.1.100 UDP 553 443 → 58848 Len=511

181 32.328363 173.194.76.189 192.168.1.100 UDP 554 443 → 52038 Len=512

182 32.331240 192.168.1.100 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1

183 32.331612 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

184 32.349374 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

185 32.938962 192.168.1.100 10.228.103.27 DNS 74 Standard query 0x3b10 A www.elpais.com

186 33.181788 192.168.1.100 10.228.103.27 DNS 71 Standard query 0x6b90 A X18040SA-PC

187 33.331791 192.168.1.100 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1

188 33.889497 108.177.15.189 192.168.1.100 UDP 83 443 → 50930 Len=41

189 33.908733 192.168.1.100 108.177.15.189 UDP 71 50930 → 443 Len=29

190 33.939364 192.168.1.100 10.228.103.27 DNS 74 Standard query 0x3b10 A www.elpais.com

191 33.994403 216.58.201.174 192.168.1.100 UDP 84 443 → 61090 Len=42

192 34.001683 216.58.201.174 192.168.1.100 UDP 62 443 → 61090 Len=20

193 34.009231 192.168.1.100 216.58.201.174 UDP 71 61090 → 443 Len=29

194 34.116248 192.168.1.100 192.168.1.255 NBNS 92 Name query NB X18040SA-PC<20>

195 34.116735 PcsCompu_b6:5e:2f Broadcast ARP 42 Who has 192.168.1.100? Tell 192.168.1.104

196 34.116759 PcsCompu_b6:5e:2f Broadcast ARP 42 Who has 192.168.1.100? Tell 192.168.1.104

197 34.116803 Apple_d4:55:8d PcsCompu_b6:5e:2f ARP 42 192.168.1.100 is at 0c:4d:e9:d4:55:8d

198 34.116915 192.168.1.104 192.168.1.100 NBNS 104 Name query response NB 192.168.1.104

199 34.117367 192.168.1.100 192.168.1.104 TCP 78 51538 → 445 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=770335366 TSecr=0 SACK_PERM=1

200 34.117569 192.168.1.104 192.168.1.100 TCP 74 445 → 51538 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=510740 TSecr=770335366

201 34.117619 192.168.1.100 192.168.1.104 TCP 66 51538 → 445 [ACK] Seq=1 Ack=1 Win=131712 Len=0 TSval=770335366 TSecr=510740

202 34.143533 173.194.76.189 192.168.1.100 UDP 771 443 → 52038 Len=729

203 34.164964 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

204 34.331885 192.168.1.100 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1

205 34.365735 192.168.1.100 192.168.1.104 TCP 78 51539 → 139 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=770335614 TSecr=0 SACK_PERM=1

206 34.365800 192.168.1.100 192.168.1.104 TCP 66 51538 → 445 [FIN, ACK] Seq=1 Ack=1 Win=131712 Len=0 TSval=770335614 TSecr=510740

207 34.365988 192.168.1.104 192.168.1.100 TCP 74 139 → 51539 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=510765 TSecr=770335614

208 34.366037 192.168.1.100 192.168.1.104 TCP 54 51539 → 139 [RST] Seq=1 Win=0 Len=0

209 34.366065 192.168.1.104 192.168.1.100 TCP 66 445 → 51538 [ACK] Seq=1 Ack=2 Win=66560 Len=0 TSval=510765 TSecr=770335614

210 34.366123 192.168.1.104 192.168.1.100 TCP 54 445 → 51538 [RST, ACK] Seq=1 Ack=2 Win=0 Len=0

211 34.366278 192.168.1.100 192.168.1.104 TCP 78 51540 → 445 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=128 TSval=770335614 TSecr=0 SACK_PERM=1

212 34.366474 192.168.1.104 192.168.1.100 TCP 74 445 → 51540 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=510765 TSecr=770335614

213 34.366527 192.168.1.100 192.168.1.104 TCP 66 51540 → 445 [ACK] Seq=1 Ack=1 Win=5571840 Len=0 TSval=770335614 TSecr=510765

214 34.366537 192.168.1.100 192.168.1.104 SMB 117 Negotiate Protocol Request

215 34.366989 192.168.1.104 192.168.1.100 SMB 197 Negotiate Protocol Response

216 34.367023 192.168.1.100 192.168.1.104 TCP 66 51540 → 445 [ACK] Seq=52 Ack=132 Win=5571712 Len=0 TSval=770335615 TSecr=510765

217 34.606575 192.168.1.100 192.168.1.104 SMB 258 Session Setup AndX Request, NTLMSSP_NEGOTIATE

218 34.607101 192.168.1.104 192.168.1.100 SMB 482 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED

219 34.607174 192.168.1.100 192.168.1.104 TCP 66 51540 → 445 [ACK] Seq=244 Ack=548 Win=5571328 Len=0 TSval=770335853 TSecr=510789

220 34.607681 192.168.1.100 192.168.1.104 SMB 109 Logoff AndX Request

221 34.607919 192.168.1.104 192.168.1.100 SMB 109 Logoff AndX Response

222 34.607968 192.168.1.100 192.168.1.104 TCP 66 51540 → 445 [ACK] Seq=287 Ack=591 Win=5571200 Len=0 TSval=770335854 TSecr=510789

223 34.608023 192.168.1.100 192.168.1.104 TCP 66 51540 → 445 [FIN, ACK] Seq=287 Ack=591 Win=5571200 Len=0 TSval=770335854 TSecr=510789

224 34.608177 192.168.1.100 192.168.1.255 NBNS 92 Name query NB WORKGROUP<1d>

225 34.608183 192.168.1.104 192.168.1.100 TCP 66 445 → 51540 [ACK] Seq=591 Ack=288 Win=66304 Len=0 TSval=510789 TSecr=770335854

226 34.608357 192.168.1.104 192.168.1.100 NBNS 104 Name query response NB 192.168.1.104

227 34.608482 192.168.1.104 192.168.1.100 TCP 54 445 → 51540 [RST, ACK] Seq=591 Ack=288 Win=0 Len=0

228 34.608499 192.168.1.100 192.168.1.255 BROWSER 216 Get Backup List Request

229 34.608872 192.168.1.104 192.168.1.255 NBNS 92 Name query NB IMAC-D4558D<00>

230 34.608890 192.168.1.104 192.168.1.255 NBNS 92 Name query NB IMAC-D4558D<00>

231 34.609003 192.168.1.100 192.168.1.104 NBNS 104 Name query response NB 192.168.1.100

232 34.609191 192.168.1.104 192.168.1.100 BROWSER 228 Get Backup List Response

233 34.609291 192.168.1.100 192.168.1.104 NBNS 92 Name query NBSTAT X18040SA-PC<20>

234 34.609460 192.168.1.104 192.168.1.100 NBNS 253 Name query response NBSTAT

235 34.674408 192.168.1.100 10.228.103.27 DNS 75 Standard query 0x0741 A play.google.com

236 35.063357 192.168.1.100 216.58.201.174 UDP 593 61090 → 443 Len=551

237 35.136866 216.58.201.174 192.168.1.100 UDP 64 443 → 61090 Len=22

238 35.332339 192.168.1.100 239.255.255.250 SSDP 217 M-SEARCH * HTTP/1.1

239 35.352963 216.58.201.174 192.168.1.100 UDP 233 443 → 61090 Len=191

240 35.354794 216.58.201.174 192.168.1.100 UDP 82 443 → 61090 Len=40

241 35.367673 192.168.1.100 216.58.201.174 UDP 71 61090 → 443 Len=29

242 35.552392 192.168.1.1 192.168.1.255 RIPv2 86 Response

243 35.677650 192.168.1.100 10.228.103.27 DNS 75 Standard query 0x0741 A play.google.com

244 35.939693 192.168.1.100 10.228.103.4 DNS 74 Standard query 0x3b10 A www.elpais.com

245 36.041414 192.168.1.100 10.228.103.4 DNS 81 Standard query 0x4e3a A p71-caldav.icloud.com

246 36.939660 192.168.1.100 10.228.103.4 DNS 74 Standard query 0x3b10 A www.elpais.com

247 37.044851 192.168.1.100 10.228.103.4 DNS 81 Standard query 0x4e3a A p71-caldav.icloud.com

248 37.678594 192.168.1.100 10.228.103.4 DNS 75 Standard query 0x0741 A play.google.com

249 37.809720 74.125.206.189 192.168.1.100 UDP 553 443 → 58848 Len=511

250 37.820905 173.194.76.189 192.168.1.100 UDP 554 443 → 52038 Len=512

251 37.831623 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

252 37.842064 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

253 38.428927 74.125.206.189 192.168.1.100 UDP 752 443 → 58848 Len=710

254 38.450565 192.168.1.100 74.125.206.189 UDP 71 58848 → 443 Len=29

255 38.682540 192.168.1.100 10.228.103.4 DNS 75 Standard query 0x0741 A play.google.com

256 38.939611 192.168.1.100 10.228.103.27 DNS 74 Standard query 0x3b10 A www.elpais.com

257 39.045100 192.168.1.100 10.228.103.27 DNS 81 Standard query 0x4e3a A p71-caldav.icloud.com

258 39.487054 173.194.76.189 192.168.1.100 UDP 778 443 → 52038 Len=736

259 39.508167 192.168.1.100 173.194.76.189 UDP 71 52038 → 443 Len=29

260 40.045021 192.168.1.100 10.228.103.27 DNS 81 Standard query 0x4e3a A p71-caldav.icloud.com

261 40.297584 93.191.138.96 192.168.1.100 TLSv1.2 135 Application Data

262 40.297667 192.168.1.100 93.191.138.96 TCP 66 50969 → 443 [ACK] Seq=1 Ack=346 Win=2165 Len=0 TSval=770341540 TSecr=1905759439

263 40.682509 192.168.1.100 10.228.103.27 DNS 75 Standard query 0x0741 A play.google.com

264 41.510389 192.168.1.100 10.228.103.4 DNS 85 Standard query 0x77d1 A lh6.googleusercontent.com

MacOS Virtual Interface

There are no traces when I browse in internet, only when I access to the intranet.

VPN connects but DNS fails in Catalina

VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina

Re: VPN connects but DNS fails in Catalina