Hello,

I've stumbled upon an issue that was very difficult to isolate, because it happens only if all the above conditions are met:

- using Mac OS X (Sierra, but tested also on El Capitan)
- single Internet connection through an iOS device set up as hotspot (iOS 10, but tested also on 8 and 9)
- ocserv option tunnel-all-dns=true
- split routing enabled (route = A.B.C.D/P)

Using this, the result is that the client is only able to reach the prefixes specified as routes in ocserv's config file, with no access to the Internet and no DNS resolving.

What actually happens in the client is that the default route is not used, as seen below (note the "I" flag). Pinging 8.8.8.8 results in:

    ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host

    netstat -nrt
    Routing tables

    Internet:
    Destination        Gateway            Flags        Refs      Use   Netif Expire
    default            172.20.10.1        UGScI          12        0     en0

Note that 172.20.10.1 is the IP address of the hotspot (the iOS device), and that one responds to ICMP requests, and also the internal resources advertised over the tunnel respond properly.

The above issue is overcome by using split-dns on the ocserv configuration and disabling tunnel-all-dns, but that configuration exhibits other issues on Linux.

Does anyone have an idea of this?

--
Liviu Andreicut
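
A check for the symptom reported above, added here as an example and not part of the original message or of ocserv/OpenConnect: it parses macOS `netstat -nr` output and reports when every IPv4 default route carries the "I" flag (RTF_IFSCOPE, an interface-scoped route), which leaves ordinary traffic with "No route to host". The sample tables are constructed from the output quoted in the post, and the function names are hypothetical.

```python
# Constructed sample modelled on the `netstat -nrt` output quoted in the post.
SCOPED = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.20.10.1        UGScI          12        0     en0
"""

# Constructed healthy table (no -t columns) for comparison.
HEALTHY = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
default            172.20.10.1        UGScI          en1

Internet6:
Destination        Gateway            Flags        Netif Expire
default            fe80::1%en0        UGcI           en0
"""

def default_routes(netstat_text):
    """Return (gateway, flags, netif) for each IPv4 default route."""
    routes, in_inet, netif_idx = [], False, None
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 1 and fields[0].endswith(":"):
            in_inet = fields[0] == "Internet:"   # skip Internet6 and others
        elif in_inet and fields[0] == "Destination":
            # Column layout differs with/without -t, so locate Netif by header.
            netif_idx = fields.index("Netif") if "Netif" in fields else None
        elif in_inet and fields[0] == "default" and len(fields) >= 3:
            has_netif = netif_idx is not None and netif_idx < len(fields)
            routes.append((fields[1], fields[2], fields[netif_idx] if has_netif else ""))
    return routes

def diagnose(netstat_text):
    """Classify the IPv4 default-route state: ok, scoped-only, no-default-route."""
    routes = default_routes(netstat_text)
    if not routes:
        return "no-default-route"
    # Flags are case-sensitive; uppercase "I" marks an interface-scoped route.
    if all("I" in flags for _, flags, _ in routes):
        return "scoped-only"
    return "ok"

if __name__ == "__main__":
    for name, table in (("scoped", SCOPED), ("healthy", HEALTHY)):
        print(name, diagnose(table), default_routes(table))
```
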