IKEv2 Connects but internet is very slow
-
This was from a MacBook. Thanks for trying.
-
No need to get nasty.
The font threw me, and the fact that it's a screen shot instead of a copy/paste. We usually get that from Windows users.
-
No nasty intent at all, sorry if it came across that way. Was being sincere - I appreciate you taking the time to at least point me in the right direction.
-
What version of macOS?
-
Mojave 10.14.5
Your font instincts were pretty good though. I output the netstat results to a file and then opened it in the text editor on my Windows machine, and when I tried to paste it to the forum the columns were all messed up, so I went with a screenshot so it would be easily readable.
-
What is the output of:
scutil --dns
when you are connected to the VPN?
-
DNS configuration
resolver #1
nameserver[0] : 192.168.20.1
if_index : 16 (ipsec0)
flags : Request A records
reach : 0x00000002 (Reachable)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 172.20.10.1
if_index : 5 (en0)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
nameserver[0] : 192.168.20.1
if_index : 16 (ipsec0)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
-
So when you're connected to the VPN do both of these work quickly? (one sec)
dig @172.20.20.1 www.google.com
dig @192.168.20.1 www.google.com
-
dig @172.20.20.1 www.google.com
Connection Times Out
dig @192.168.20.1 www.google.com
Responds immediately <200ms
-
Just in case you had a typo I also ran
dig @172.20.10.1 www.google.com
this responded under 200ms as well.
-
Yeah that was a typo. Sorry. If both name servers respond in the same time frame (200ms is nothing to write home about) then I guess it's not DNS. If you do not NEED the clients to use a DNS server on the other side of the VPN, I don't think I would push it to them.
What, specifically, are you seeing?
-
My reason for pushing DNS to the other side is so that I can connect to machines on the other side using the hostnames stored in DNS Resolver and that part works. It's the internet connection that's the problem.
The thing that I can't get my head around is where 172.20.10.1 is coming from. As far as I know, I didn't set it up.
-
That looks like the Ethernet LAN on the client.