[j-nsp] SRX3xx VPN Client - NCP alternatives?
Olivier Benghozi
olivier.benghozi at wifirst.fr
Thu Nov 7 20:13:11 EST 2019
Using split tunneling (and split DNS) with this here, on several macs (and good^H^Hold SRX2xx).
It usually works properly (the routes to VPNize are configured statically within the profile config).
Never seen such /1 routes.
I know that «here it works» isn't that helpful, but at least this is how our mileage varies...
> Le 8 nov. 2019 à 01:31, Nathan Ward <juniper-nsp at daork.net> a écrit :
>
> We’re using the NCP Secure Entry client for Mac.
>
>
> They’ve come out with a version 4.0 recently, which supposedly has better compatibility with OS X 10.15. I’ve installed it.
> In “take all the traffic” mode, it installs a couple of /1 routes so they longest prefix match instead of default. Fine.
> In “split tunneling” mode, it *still* installs those /1 routes, but with a next hop of 0.0.0.1, so all of your non-VPN traffic is just dumped on the floor. Unlike split tunnelling mode, when you turn off the VPN connection, it leaves the broken routes in the table.
More information about the juniper-nsp
mailing list