Internet Access Issue on macOS with Azure Virtual WAN Point-to-Site VPN whilst working for Windows

MURALI KIRSHNA 0 Reputation points
2024-08-29T10:19:25.57+00:00

We are experiencing an issue with internet connectivity when using the Azure VPN client on macOS to connect to a Virtual WAN Point-to-Site (P2S) VPN gateway.

Issue Details:

Environment:

  • Virtual WAN with Point-to-Site VPN gateway configured for forced tunnelling.
  • Azure Firewall is used to allow and control internet access for VPN traffic.

macOS Client Behaviour:

  • The client can successfully RDP into a Virtual Machine located in a spoke VNet connected to the Virtual Hub.
  • However, the macOS client cannot access the internet. The VPN client statistics on macOS show zero bytes of inbound traffic, despite outbound traffic being routed to the Azure Firewall.
  • Azure Firewall logs show that rules are being triggered, indicating that traffic is reaching the firewall, but no return traffic is coming back to the macOS client.

Windows Client Behaviour:

  • The same Azure VPN client, when installed on a Windows machine, connects to the VPN without issues and has full internet access.
  • The Windows client shows expected inbound and outbound traffic stats, with internet connectivity functioning normally.

Troubleshooting Steps Taken:

  • Verified that both the macOS and Windows VPN clients are subject to the same network and firewall rules.
  • Confirmed that RDP and other internal network access work correctly on macOS, but internet access does not.
  • Compared routing tables and DNS settings between macOS and Windows clients, finding no apparent discrepancies that would cause this issue.
  • No firewall logs indicate that return traffic is being blocked for the macOS client.

We would like assistance in diagnosing and resolving why internet traffic is not functioning on macOS when connected to the Azure Virtual WAN P2S VPN gateway, despite similar setups working on Windows. Specifically, we need to understand why the macOS client shows zero inbound traffic and cannot access the internet while other functionalities (like RDP) work correctly.


1 answer

  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2024-08-29T22:09:03.6666667+00:00

    @MURALI KIRSHNA

    Thank you for reaching out.

    • Can you confirm the default route from Azure is learned by the macOS client? You can run the netstat -rn command and see if the tunnel interface has this route. As documented here, once a macOS client learns the default route from Azure, forced tunneling is automatically configured on the client device. There are no extra steps to take.
    • You can also perform a tcpdump at the tunnel interface and see if the internet traffic is exiting via the tunnel interface.
    • Also confirm if you have installed the latest macOS VPN client version: https://apps.apple.com/us/app/azure-vpn-client/id1553936137

    Thanks
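
The route check suggested in the answer above, as an added example that is not part of the original thread: a shell function that reads macOS `netstat -rn` output and reports whether the IPv4 default route sits on a tunnel interface. The function name and both sample routing tables are constructed for illustration, and it assumes the VPN tunnel appears as a `utunN` interface; a route whose flags include `I` is interface-scoped and is not the system-wide default.

```shell
# Classify the IPv4 default route in macOS `netstat -rn` output read on stdin.
# Prints "tunnel <if>" (unscoped default on utunN), "scoped <if>" (utunN has a
# default route but only interface-scoped, flag I) or "none".
# Assumption: the VPN tunnel shows up as a utunN interface.
default_route_via_tunnel() {
    awk '
        /^Internet:/  { v4 = 1; next }      # IPv4 table starts
        /^Internet6:/ { v4 = 0 }            # IPv6 table: ignored
        v4 && $1 == "Destination" {         # header row: locate the columns
            for (i = 1; i <= NF; i++) { if ($i == "Flags") fl = i; if ($i == "Netif") nif = i }
            next
        }
        v4 && nif && $1 == "default" && $nif ~ /^utun[0-9]+$/ {
            if ($fl ~ /I/) { if (!scoped) scoped = $nif }
            else if (!tunnel) tunnel = $nif
        }
        END {
            if (tunnel) print "tunnel " tunnel
            else if (scoped) print "scoped " scoped
            else print "none"
        }'
}

# Constructed sample: default route learned on the tunnel (addresses made up).
sample_forced() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags           Netif Expire
default            link#22            UCSg            utun4
default            192.168.1.1        UGScIg            en0
10.10.0/16         link#22            UCS             utun4
Internet6:
Destination        Gateway            Flags           Netif Expire
default            fe80::%utun0       UGcIg           utun0
EOF
}

# Constructed sample: only the spoke prefix is on the tunnel; default stays on en0.
sample_split() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags           Netif Expire
default            192.168.1.1        UGScg             en0
10.10.0/16         link#22            UCS             utun4
EOF
}

sample_forced | default_route_via_tunnel
sample_split  | default_route_via_tunnel
```

On the Mac, run `netstat -rn | default_route_via_tunnel` while the VPN is connected; a result other than `tunnel <if>` means internet-bound traffic is not being steered into the tunnel by an unscoped default route.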
