Lion + AnyConnect = b0rked IPv6

Dyonisius (Dick) Visser visser at terena.org
Fri Aug 26 15:00:51 CEST 2011


On 2011-08-25 13:04, Dyonisius Visser wrote:
> Hi
>
> I'm having trouble getting AnyConnect to work on MacOS X 10.7.1.
> I've tried the latest version of AnyConnect (3.0.3054), which has some
> Lion-specific fixes. It does 'work' (i.e. installation OK,
> authentication fine, etc), but after that no IPv6 at all any more.
>
> Has anyone managed to get IPv6 to work using Lion and AnyConnect?
>
> At this moment Lion is a no-go since we have a lot of IPv6-only services...

(apologies for HTML)

I took a test machine and did a clean install of Snow Leopard 10.6.8 on
one partition and Lion 10.7.1 on the other partition, then installed
AnyConnect 3.0.3054 on both systems. I then connected to our ASA5505
with both systems and compared the IPv6 routing tables (netstat -rn -f
inet6). They look very similar, with the notable exception of the
default IPv6 route - which is not set in Lion.
This would of course explain the lack of IPv6 connectivity ;-)

Snow Leopard:

Internet6:
Destination                             Gateway                         Flags   Netif Expire
default                                 2001:610:148:beef::160          USc     utun0
::1                                     ::1                             UH      lo0
2001:610:148:beef::160                  link#7                          UHL     lo0
2001:610:148:beef::/64                  fe80::21f:f3ff:fe36:57cc%utun0  Uc      utun0
fe80::1%lo0                             link#1                          UHL     lo0
fe80::21f:5bff:fec3:c51e%en1            0:1f:5b:c3:c5:1e                UHL     lo0
fe80::21f:f3ff:fe36:57cc%utun0          link#7                          UHL     lo0
fe80::%utun0/64                         fe80::21f:f3ff:fe36:57cc%utun0  Uc      utun0
ff01::/32                               ::1                             Um      lo0
ff02::/32                               ::1                             UmC     lo0
ff02::/32                               fe80::21f:f3ff:fe36:57cc%utun0  UmC     utun0
ff02::/32                               link#5                          UmC     en1


Lion:

Internet6:
Destination                             Gateway                         Flags   Netif Expire
::1                                     link#1                          UHL     lo0
2001:610:148:beef::160                  link#7                          UHL     lo0
2001:610:148:beef::/64                  fe80::21f:f3ff:fe4e:8623%utun0  Uc      utun0
fe80::1%lo0                             link#1                          UHLI    lo0
fe80::21f:5bff:fec3:c51e%en1            0:1f:5b:c3:c5:1e                UHLI    lo0
fe80::21f:f3ff:fe4e:8623%utun0          link#7                          UHLI    lo0
fe80::%utun0/64                         fe80::21f:f3ff:fe4e:8623%utun0  UcI     utun0
ff01::%en1/32                           link#5                          UmCI    en1
ff01::%lo0/32                           fe80::1%lo0                     UmCI    lo0
ff01::%utun0/32                         fe80::21f:f3ff:fe4e:8623%utun0  UmCI    utun0
ff02::%en1/32                           link#5                          UmCI    en1
ff02::%lo0/32                           fe80::1%lo0                     UmCI    lo0
ff02::%utun0/32                         fe80::21f:f3ff:fe4e:8623%utun0  UmCI    utun0


After manually adding the same default gateway on Lion:

route add -inet6 default 2001:610:148:beef::160 -ifp utun0

everything starts to work :-)
It's still unclear where the problem is (Lion or AnyConnect).
Let's hope that there is somebody from Cisco and Apple that will liaise
to get this fixed.
From the looks of it, it should not be too hard.


-- 
Dyonisius (Dick) Visser
System & Network Engineer
TERENA Secretariat
Singel 468D, 1017 AW Amsterdam
The Netherlands
T +31 20 530 44 88 F +31 20 530 44 99
visser at terena.org | www.terena.org
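
Added example, not part of the original post: a Python check that automates the comparison described above by parsing two `netstat -rn -f inet6` tables and listing the unicast routes a known-good baseline has but the other table lacks. The function names are hypothetical, and the sample rows are a subset of the two tables in the post, unwrapped to one line per route.

```python
import ipaddress
import re

# Sample rows: a subset of the tables in the post, unwrapped to
# one line per route (columns: Destination Gateway Flags Netif).
SNOW_LEOPARD = """\
default                 2001:610:148:beef::160         USc  utun0
::1                     ::1                            UH   lo0
2001:610:148:beef::160  link#7                         UHL  lo0
2001:610:148:beef::/64  fe80::21f:f3ff:fe36:57cc%utun0 Uc   utun0
fe80::%utun0/64         fe80::21f:f3ff:fe36:57cc%utun0 Uc   utun0
ff02::/32               link#5                         UmC  en1
"""
LION = """\
::1                     link#1                         UHL  lo0
2001:610:148:beef::160  link#7                         UHL  lo0
2001:610:148:beef::/64  fe80::21f:f3ff:fe4e:8623%utun0 Uc   utun0
fe80::%utun0/64         fe80::21f:f3ff:fe4e:8623%utun0 UcI  utun0
ff02::%en1/32           link#5                         UmCI en1
"""

def parse_routes(text):
    """Return {(network, netif)} for unicast, non-link-local routes."""
    routes = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank line or the "Internet6:" banner
        dest, netif = fields[0], fields[3]
        if dest == "default":
            dest = "::/0"
        dest = re.sub(r"%[^/]+", "", dest)  # drop the %scope suffix Lion prints
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # column header or other non-route row
        # Link-local and multicast rows carry per-host addresses and scopes,
        # so they differ between machines even when routing is healthy.
        if net.network_address.is_link_local or net.network_address.is_multicast:
            continue
        routes.add((str(net), netif))
    return routes

def missing_routes(baseline, candidate):
    """Routes present in the baseline table but absent from the candidate."""
    return sorted(parse_routes(baseline) - parse_routes(candidate))

if __name__ == "__main__":
    for net, netif in missing_routes(SNOW_LEOPARD, LION):
        print(f"missing on candidate: {net} via {netif}")
```

In real use, both inputs would be the saved output of `netstat -rn -f inet6` from each system while the VPN is connected.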
