MacOS 10.13.2 beta 1, Cisco AnyConnect 4.4.03034, Unable to contact <vpn> No network connectivity

This is a very unsupported environment question since Mac OS 10.13.2 came out in the last day or two and of course is entirely unsupported but no harm in asking or indeed informing others ;-)



I am using AnyConnect 4.4.03034 - I can't change this as I am only an end user ;-)






Whilst at 10.13.1 the vpn works fine, after the update it seems I just see in the GUI

* Unable to contact <MY VPN NAME>

* No network connectivity underneath



This happens with multiple profiles I have, whilst an alternate VPN I have access to, does work ok



From looking at system.log the best I can ascertain is that there may be an issue getting interface information ie:



Nov 2 09:01:32 Nigels-MBP acvpnagent[55]: Function: getInterfacesInternal File: ../../vpn/Common/Utility/NetInterface_unix.cpp Line: 1754 Invoked Function:



ioctl SIOCGIFNETMASK_IN6 Return Code: 1 (0x00000001) Description: unknown errno=Operation not permitted



.. and a few lines in relation to retrieving my profile followed by:



Nov 2 09:01:32 Nigels-MBP acvpnagent[55]: Function: getInterfacesInternal File: ../../vpn/Common/Utility/NetInterface_unix.cpp Line: 1754 Invoked Function: ioctl SIOCGIFNETMASK_IN6 Return Code: 1 (0x00000001) Description: unknown errno=Operation not permitted



Nov 2 09:01:32 Nigels-MBP acvpnagent[55]: Function: processConnectNotification File: ../../vpn/Agent/MainThread.cpp Line: 12277 Invoked Function: CMainThread::resolveSGHost Return Code: -32702438 (0xFE0D001A) Description: MAINTHREAD_ERROR_NO_NETWORK_CONNECTIVITY



Any tips for workarounds welcome. I presume perhaps a permission change? Or an outright MacOS bug in the beta.

Up vote post of planetf1 Down vote post of planetf1
8.6k views
Posted by
planetf1
Reply
Add a Comment

Replies

Same problem here (started w/ 10.3.2 - using Cisco AnyConnect 4.5.00058)

Posted by
esker
Up vote reply of esker Down vote reply of esker
Add a Comment

I am seeing this as well. Mac OS 10.13.2B1, java 1.8.0_144, netty 4.0.57:


2017-11-02 12:04:32.643 [IPCserver] [] [io.netty.util.NetUtil:165] [WARN] : Failed to retrieve the list of available network interfaces

java.net.SocketException: Operation not permitted (ioctl SIOCGIFNETMASK_IN6 failed)

at java.net.NetworkInterface.getAll(Native Method)

at java.net.NetworkInterface.getNetworkInterfaces(NetworkInterface.java:343)

at io.netty.util.NetUtil.<clinit>(NetUtil.java:154)

at io.netty.channel.socket.DefaultServerSocketChannelConfig.<init>(DefaultServerSocketChannelConfig.java:39)

at io.netty.channel.socket.nio.NioServerSocketChannel$NioServerSocketChannelConfig.<init>(NioServerSocketChannel.java:195)

at io.netty.channel.socket.nio.NioServerSocketChannel$NioServerSocketChannelConfig.<init>(NioServerSocketChannel.java:193)

at io.netty.channel.socket.nio.NioServerSocketChannel.<init>(NioServerSocketChannel.java:87)

at io.netty.channel.socket.nio.NioServerSocketChannel.<init>(NioServerSocketChannel.java:72)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)

at io.netty.bootstrap.AbstractBootstrap$BootstrapChannelFactory.newChannel(AbstractBootstrap.java:487)

at io.netty.bootstrap.AbstractBootstrap.initAndRegister(AbstractBootstrap.java:311)

at io.netty.bootstrap.AbstractBootstrap.doBind(AbstractBootstrap.java:273)

at io.netty.bootstrap.AbstractBootstrap.bind(AbstractBootstrap.java:269)

at io.netty.bootstrap.AbstractBootstrap.bind(AbstractBootstrap.java:244)

at dna3.IPCServer.run(IPCServer.java:77)

at dna3.IPCProcessing$1.run(IPCProcessing.java:69)

2017-11-02 12:04:32.645 [IPCserver] [] [io.netty.util.NetUtil:201] [WARN] : Failed to find the loopback interface

Posted by
macbuzz
Up vote reply of macbuzz Down vote reply of macbuzz
Add a Comment

Same problem here. When the macbook is on wifi connection, anyconnect think it has no network connection at all. But if the macbook is bootup When cinnected to a Wire (LAN) connection ...the anycoonect at least will try to eatablish the VPN ...but it still cannot establish the vpn...and theee is no error message in this case. Need a fix please.

Posted by
Slgta
Up vote reply of Slgta Down vote reply of Slgta
Add a Comment

Thanks for reporting this. This has been verified to be a bug in macOS 10.13.2 dev beta 1. Apple is aware of this issue and is working on resolving it for an upcoming dev beta. In the mean time if you need to use AnyConnect you will either need to wait or downgrade back to 10.13.1


Best Regards,

Pete Davis

Cisco Systems, Inc.

ac-mobile-feedback@cisco.com

Posted by
pete001001001
Up vote reply of pete001001001 Down vote reply of pete001001001
Add a Comment

HI

Is there a Fix yet? I really don't want to downgrade and remove the latest beta but if I have to I will. This is my main machine for Work and i am not able to use our AnyConnect client currently.


It currenctly just sits at Establishing VPN - Activating VPN Adaptor and then it goes back to Ready to Connect it never connects.


I have tried to uninstall the client completely and nothing helps. I really need this fixed. Any one have anything that works. My Engineer seems to be stuck with no ideas either.



11/5/17

7:46:21 AM Ready to connect.

7:46:21 AM Contacting La-Z-Boy Inc.

7:46:23 AM Posture Assessment: Required for access

7:46:23 AM Posture Assessment: Checking for updates...

7:46:23 AM Posture Assessment: Initiating...

7:46:28 AM Posture Assessment: Active

7:46:28 AM Posture Assessment: Initiating...

7:46:31 AM User credentials entered.

7:46:33 AM Hostscan is waiting for the next scan

7:47:35 AM Hostscan is performing system scan

7:47:35 AM Hostscan is performing software scan

7:47:35 AM Hostscan state idle

7:47:37 AM Establishing VPN session...

7:47:37 AM The AnyConnect Downloader is performing update checks...

7:47:37 AM Checking for profile updates...

7:47:37 AM Checking for product updates...

7:47:37 AM Checking for customization updates...

7:47:37 AM Performing any required updates...

7:47:37 AM The AnyConnect Downloader updates have been completed.

7:47:37 AM Establishing VPN session...

7:47:37 AM Establishing VPN - Initiating connection...

7:47:38 AM Establishing VPN - Examining system...

7:47:38 AM Establishing VPN - Activating VPN adapter...

7:48:18 AM Disconnect in progress, please wait...

7:48:18 AM The VPN client driver encountered an error. Please restart your computer or device, then try again.

7:48:18 AM AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

7:48:18 AM Ready to connect.

Posted by
tarheelfan_1977
Up vote reply of tarheelfan_1977 Down vote reply of tarheelfan_1977
Add a Comment

Thanks for the update Peter. Good to hear the issue is understood and will be addressed (by apple in this case). That's part of the fun of betas ;-)


Any workaround welcome, if not c'est la vie. thanks for posting

Nigel.

Posted by
planetf1
Up vote reply of planetf1 Down vote reply of planetf1
Add a Comment

Great to see confirmation... alas, the issue is not yet resolved in beta 2.

Posted by
esker
Up vote reply of esker Down vote reply of esker
Add a Comment

OpenConnect https://gist.github.com/moklett/3170636 is working fine for me as alternative to AnyConnect to corporate VPN

Posted by
klwin
Up vote reply of klwin Down vote reply of klwin
Add a Comment

Openconnect works fine.


If you have Homebrew installed you can use something along the lines of:

brew install openconnect
sudo openconnect URL -c CERT
Posted by
hugo19941994
Up vote reply of hugo19941994 Down vote reply of hugo19941994
Add a Comment

Yeah I just encountered this for the first time today (while working from home). Disappointed that the 2nd beta didn't fix it. Hope it's in the next one.

Posted by
Proggie
Up vote reply of Proggie Down vote reply of Proggie
Add a Comment

it seems to be related to MTU of utun interface. When I tried to dial with AnyConnect, I saw the interface utun4 with MTU 1500, and with OpenConnect, the MTU is correctly set to 1305.

Posted by
wallacepeng
Up vote reply of wallacepeng Down vote reply of wallacepeng
Add a Comment

For those of you getting Openconnect to work, is there anything besides 'brew install openconnect' needed to get it working?

After the install, Openconnect complained about a missing vpnc-script file, which I was able to pull down from here - http://www.infradead.org/openconnect/vpnc-script.html


I am successfully connecting, but and can see the routes, but it is still not working for me. The only possible error I see in the output is a missing reference to a file - /etc/nsswitch.confThe connection uses user/pwd auth, and the values I'm entering (group/user/pwd) are correct..

Posted by
jehowe
Up vote reply of jehowe Down vote reply of jehowe
Add a Comment

AnyConnect 4.5 was suppose to address the issue, but it still doesn't work on 10.13.2 for me

Posted by
macsiah
Up vote reply of macsiah Down vote reply of macsiah
Add a Comment

This appears to be fixed in Beta 3

Posted by
psm1005
Up vote reply of psm1005 Down vote reply of psm1005
Add a Comment

Beta 3 fixed this for me as well.

Posted by
passta
Up vote reply of passta Down vote reply of passta
Add a Comment