
I have Cisco IPSec VPN (to my employer) configured on my MacBook Air. It works perfectly when I'm at home connected through WiFi to my cable modem (through an Airport Extreme). But when I try to connect through my Samsung Verizon 4G LTE Mobile Hotspot (that I got when attending Google I/O), I can't connect to anything (inside or outside my employer's firewall). If I disconnect the VPN, network access returns.

I can't ask my employer's IT department for support because they don't support Mac OS X.

How do I troubleshoot this?

Update: Jason Berg suggested in a comment below that I reproduce the problem on a PC so I can get support from my employer's IT department. Unfortunately VPN works over the mobile hotspot on my Windows 7 notebook. So I (still) can't get support from IT.

Update #2: xeon's answer below links to details on Verizon Wireless's forums about connections being "double natted", which doesn't work with PPTP. That may not apply to my Cisco IPSec VPN. I wonder if I've failed to enable "VPN passthrough" as mentioned in some posts in that thread.

Update #3: I enabled "VPN passthrough" (following the instructions in the user manual downloaded from http://www.samsung.com/us/support/downloads/SCH-LC11ZKAVZW) but it still doesn't work. (There was also an undocumented "Privacy Separator enable" checkbox. I tried with it both unchecked and checked, and it didn't work either way.)

Daryl Spitzer
  • Replicate the issue on a PC and then ask your IT department for help. Seriously, this could be a configuration thing on the firewall (like a NAT traversal issue) or it could be related to Verizon blocking certain types of traffic. You wouldn't be able to solve either of those issues without your IT department's help, so replicate the issue on a supported device and ask them for assistance. – Jason Berg Jun 15 '11 at 21:32
  • That's good advice. I'll try that. – Daryl Spitzer Jun 15 '11 at 21:37
  • Unfortunately VPN works through the mobile hotspot on my Windows 7 notebook. :-( – Daryl Spitzer Jun 15 '11 at 22:53
  • OK. What type of vpn client are you using? Mac OS built in? Cisco VPN Client? Cisco Anyconnect VPN client? What version? What's the error? Enable logging, what do you see in the log screen? – Jason Berg Jun 15 '11 at 22:56
  • I'm using Mac OS X built-in, configured for Cisco IPSec VPN. It connects (and reports no errors and doesn't act any differently from when it works at home). I believe I get an IP address, but I can't ping the DNS server or any other machines. – Daryl Spitzer Jun 15 '11 at 23:13
  • I'm going to look into how to enable "VPN passthrough" first... – Daryl Spitzer Jun 15 '11 at 23:15
  • ...then I'll see if I'm being "double natted" as described in http://community.vzw.com/t5/4G-Discussion/Samsung-SCH-LC11-Blocks-Microsoft-VPN/m-p/494532#M1866. (Unless anyone has other suggestions or questions.) – Daryl Spitzer Jun 15 '11 at 23:16
  • I enabled VPN passthrough (using the hotspot's HTTP server) but still have the same problem. I also tried enabling (the undocumented checkbox) "Privacy Separator enable", but it still doesn't work. – Daryl Spitzer Jun 15 '11 at 23:29
  • How do I determine if I'm getting "double natted"? When I'm not trying to use VPN I'm getting issued 192.168.1.4, and the router (and DNS server) is 192.168.1.1. – Daryl Spitzer Jun 15 '11 at 23:34
  • @Daryl - Can you post log files for your VPN client? You'll find logs in /var/logs/system.log. It might also be fruitful to try it out with the official Cisco client to see if you get the same results. – Jason Berg Jun 16 '11 at 00:57
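
One way to check for the "double natted" condition asked about in the comments above, as an added example that is not part of the original thread: it counts the routers that sit in private (RFC 1918) or carrier-grade NAT (RFC 6598) space before the first public hop in `traceroute -n` output. The sample trace and all function names are constructed for illustration, and the result is a heuristic, since a private hop suggests another translation layer without proving one.

```python
import ipaddress
import re

# Address blocks that indicate a hop is still behind a NAT boundary.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

# Constructed `traceroute -n` output (not from the thread): the hotspot at
# 192.168.1.1, a carrier hop in private space, then documentation-range hops.
SAMPLE = """\
traceroute to 198.51.100.7 (198.51.100.7), 64 hops max, 52 byte packets
 1  192.168.1.1  2.104 ms  1.523 ms  1.377 ms
 2  10.170.32.1  48.211 ms  39.870 ms  41.002 ms
 3  * * *
 4  203.0.113.9  52.330 ms  50.118 ms  49.774 ms
 5  198.51.100.7  61.902 ms  60.456 ms  59.981 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")

def classify(addr):
    """Label an IPv4 address as rfc1918, cgnat or public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public"

def nat_layers(traceroute_text):
    """Return the hops seen before the first public address."""
    behind_nat = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or unanswered hop ("* * *")
        kind = classify(m.group(2))
        if kind == "public":
            break
        behind_nat.append((int(m.group(1)), m.group(2), kind))
    return behind_nat

def is_double_natted(traceroute_text):
    # Hop 1 is the local router; a second non-public hop means its upstream
    # side is also in private space, so a further translation is likely.
    return len(nat_layers(traceroute_text)) >= 2

if __name__ == "__main__":
    for hop, addr, kind in nat_layers(SAMPLE):
        print(f"hop {hop}: {addr} ({kind})")
    print("double NAT likely:", is_double_natted(SAMPLE))
```
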

2 Answers


I believe this is a problem with the Samsung device. I have the Verizon 4510L 4G MiFi and it works perfectly with our Cisco IPSec VPN and SSL VPN. There are a few threads on the Verizon Wireless community about the Samsung device not working with PPTP VPN. They say they will have a firmware update to resolve those issues. GRE packets are being blocked currently with the device. Some have reported trouble with Cisco IPSec as well.

Here is some information.

xeon

The problem lies in the firewall configuration. They obviously have split-tunneling enabled and set up but may not have split-dns config'd. I had the same issue with Mac OS and my ASA. Once I had both config'd properly it all was seamless.

brett