Quinn, Thank you for the response. Just to be clear, there is no other supported way to configure a utun device in newer macOS releases, correct? I want to make sure I haven't missed something. Scott

Weird. I could have sworn I attached it. Try #2. I also don't see anything that indicates a "Last Exception Background" crash.txt

Quinn, Thanks that helps a lot.

Disregard this post. I found that not all the routes needed were getting set. Sorry for the issue.

@eskimo, I'm going to need to back track my back track. After doing some more testing and examining of the route table I am still having an issue when I change the PTP IPv4 Settings to go from a Split Tunnel configuration to a Full Tunnel configuration, i.e. PTP includedRoutes = defaultRoute. From initial connection Full Tunnel config works exactly as expected, but once I change to Split and then back to Full the system appears to think there is no network. Thoughts of where I can look? Thx

I can now see the same issue on macOS.

FB13286881

Quinn, Thanks. I actually discovered the second method late last night. Since when I'm developing in Xcode I found that if I change the build number in the project it does replace the existing extension which is what I was needing. Scott

Quinn, It is a PTP and is a sysex.

Quinn, I was able to test 15.1.1 and our PTP client on a Intel based Mac mini and it worked successfully so either this is an issue with my M1 macbook pro or an issue with M1s in general. I will try and get some more data points. All I know is that traffic on the M1 Macbook Pro, in particular DNS requests, are not making it to the TUN device and because the requests are not getting resolved so no traffic is flowing.

@DTS Engineer Unfortunately, I was apple to recreate the issue on another M3 MacbookPro so it does appear to only occur on Apple Silicon. Scott

@DTS Engineer Yes that is correct but I will retest today just to verify. I have also tried on 2 Apple Silicon macs with the same results. That said, was there any change in 15.1.1 that cause the PTP sysex to not work? Scott

@DTS Engineer I have again retested on the Intel based Mac Mini and it works as expected. What things can I do to even debug this beyond the wireshark trace? Is there any internal tool I can use? Scott

@DTS Engineer For reference here is the NEPacketTunnelNetworkSettings Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- { Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- tunnelRemoteAddress = 172.86.175.254 Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- DNSSettings = { Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- protocol = cleartext Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- server = ( Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- 100.127.255.254, Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- matchDomains = ( Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- , Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- matchDomainsNoSearch = NO Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- } Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- IPv4Settings = { Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- configMethod = manual Tue Dec 03 19:27:38.721 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- addresses = ( Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- 172.86.175.254, Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- subnetMasks = ( Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- 255.255.255.254, Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- includedRoutes = ( Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- { Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationAddress = 0.0.0.0 Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationSubnetMask = 0.0.0.0 Tue Dec 03 19:27:38.722 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- }, Tue Dec 03 19:27:38.734 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.734 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- excludedRoutes = ( Tue Dec 03 19:27:38.734 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- { Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationAddress = 20.253.190.7 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationSubnetMask = 255.255.255.255 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- }, Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- { Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationAddress = 172.64.153.124 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationSubnetMask = 255.255.255.255 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- }, Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- { Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationAddress = 104.18.34.132 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- destinationSubnetMask = 255.255.255.255 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- }, Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- ) Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- overridePrimary = NO Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- } Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- MTU = 1436 Tue Dec 03 19:27:38.735 2024 UTC [0x0x16debb000] ERROR (TunNetworkInterface:268) --- }

And when connected to the VPN I see the routes setup correctly as well as the DNS settings. But when I try to resolve a host name via dig or nslookup I see no traffic being sent to the utun interface. I have also disabled the firewall and I have no other filters installed. ❯ netstat -nr -f inet Routing tables Internet: Destination Gateway Flags Netif Expire default link#24 UCSg utun9 default 192.168.0.1 UGScIg en0 20.253.190.7 192.168.0.1 UGHS en0 100.127.255.254 link#24 UHWIig utun9 104.18.34.132 192.168.0.1 UGHS en0 127 127.0.0.1 UCS lo0 127.0.0.1 127.0.0.1 UH lo0 169.254 link#11 UCS en0 ! 172.64.153.124 192.168.0.1 UGHS en0 172.86.175.254 172.86.175.254 UH utun9 192.168.0 link#11 UCS en0 ! 192.168.0.1/32 link#11 UCS en0 ! 192.168.0.1 2e:30:44:55:b6:eb UHLWIir en0 1188 192.168.0.232/32 link#11 UCS en0 ! 192.168.0.232 8e:7c:9d:b1:c4:8b UHLWI lo0 192.168.0.255 ff:ff:ff:ff:ff:ff UHLWbI en0 ! 224.0.0/4 link#24 UmCS utun9 224.0.0/4 link#11 UmCSI en0 ! 224.0.0.251 1:0:5e:0:0:fb UHmLWI en0 224.0.0.251 link#24 UHmW3I utun9 3575 255.255.255.255/32 link#24 UCS utun9 255.255.255.255/32 link#11 UCSI en0 ! ❯ cat /etc/resolv.conf # # macOS Notice # # This file is not consulted for DNS hostname resolution, address # resolution, or the DNS query routing mechanism used by most # processes on this system. # # To view the DNS configuration used by this system, use: # scutil --dns # # SEE ALSO # dns-sd(1), scutil(8) # # This file is automatically generated. # nameserver 100.127.255.254 ❯ scutil --dns DNS configuration resolver #1 nameserver[0] : 100.127.255.254 if_index : 24 (utun9) flags : Supplemental, Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 104200 resolver #2 nameserver[0] : 100.127.255.254 if_index : 24 (utun9) flags : Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 200000