Opened 2 months ago

Closed 2 months ago

#1154 closed defect (pending)

ietf-nat64 and Pulse Secure VPN

Reported by: tale@… Owned by: panda@…
Priority: tbd Milestone: ietf-100
Component: nat64 Keywords:
Cc: Clemens Schrimpe My Current Location:
My MAC Address: My OS:

Description

When using ietf-nat64 with the Pulse Secure VPN I can't access network
resources from the other side of the VPN.  This is apparently because
Pulse is not updating the system nameservers so they still point to
the IETF v6 nameservers instead of the V4-only ones inside my company,
and thus I only get the externally-visible resolution (or lack
thereof).

Attempting to resolve this by updating the nameservers in System
Preferences -> Network -> Wi-Fi -> Advanced... did not fix the
problem, even after DNS cache flush, nor did updating
/etc/resolv.conf.  This honestly kind of surprised me; I really
thought updating them in System Preferences, though annoying, would
work.

I'm using Pulse Secure version 5.2.5 (build 869) on OS X 10.12.6 (Sierra).

Change history (4)

comment:1 Changed 2 months ago by llynch@…

Component: incomingnat64
Owner: changed from < default > to jim@…
Status: newassigned

Jim -

Do we have an owner for the 6/4 experiment?

  • Lucy

comment:2 in reply to:  2 ; Changed 2 months ago by jim@…

Yupp, Jen Linkova. 

Sent from my iPhone

> On Nov 11, 2017, at 2:15 PM, IETF Tickets/NOC <tickets@meeting.ietf.org> wrote:
> 
> #1154: ietf-nat64 and Pulse Secure VPN
> --------------------------+--------------------------------
>      Reporter:  tale@…   |                Owner:  jim@…
>          Type:  request  |               Status:  assigned
>      Priority:  tbd      |            Milestone:  ietf-100
>     Component:  nat64    |           Resolution:
>      Keywords:           |  My Current Location:
> My MAC  Address:          |                My OS:
> --------------------------+--------------------------------
> Changes (by llynch@…):
> 
> * owner:  < default > => jim@…
> * status:  new => assigned
> * component:  incoming => nat64
> 
> 
> Comment:
> 
> Jim -
> 
> Do we have an owner for the 6/4 experiment?
> 
> - Lucy
> 
> --
> Ticket URL: <https://tickets.meeting.ietf.org/ticket/1154#comment:1>
> IETF Tickets/NOC <https://tickets.meeting.ietf.org>
> IETF Meeting Tickets - NOC pages

comment:3 Changed 2 months ago by llynch@…

Cc: Clemens Schrimpe added
Owner: changed from jim@… to panda@…
Type: requestdefect

comment:4 Changed 2 months ago by panda@…

Resolution: pending
Status: assignedclosed

Thanks for trying the NAT64 network (SSID ietf-nat64) and reporting your experience. As far as we can tell, the issue you reported is either an issue of the NAT64 implementation’s handling of that specific traffic or the given application vendor's implementation. We’re collecting all the issues that come up and will pass the reports back to the vendor at the end of the week. Hopefully this will lead to better implementations and greater functionality for the next meeting. If you’re curious about other known issues, please see https://tickets.meeting.ietf.org/wiki/nat64

If you have additional input on this issue please update the ticket, if you see new issues please open additional tickets.

Thanks -

Note: See TracTickets for help on using tickets.