Mac OS X - Tunnel Clients Conflict with TUN Module
03/26/2020 7 12369
DESCRIPTION: Mac OS X - Tunnel Clients Conflict with TUN Module
SonicWall has seen a case where some Mac OS X users are unable to get full network access with the tunnel clients (OnDemand Tunnel and Connect Tunnel); they get only Web access.
When this situation occurs, the following messages are logged in /Users/<user>/Library/Application Support/Aventail/log/EPC.log:
ERROR2009/04/21 06:57:40:479 AWT-EventQueue-0 - AgentHandler - Agent [NGC] is not supported by this client java.lang.Exception: Unable to launch AvConnect at com.aventail.nixct.tunnel.Tunnel.startTunnel(Tunnel.java:187) at com.aventail.nixct.tunnel.Tunnel.start(Tunnel.java:82) at com.aventail.nixct.engine.GUIController.startTunnel(GUIController.java:479) at com.aventail.nixct.ui.MainWindowMsgController$12.run(MainWindowMsgController.java:850) ERROR2009/04/21 06:58:02:704 NetMessenger - MessageHandler - AUTH INCOMPLETE ERROR2009/04/21 06:58:23:630 NetMessenger - MessageHandler - AUTH INCOMPLETE
There is already another kernel extension, or TUN module, loaded on this Mac that conflicts with the tunnel client. To resolve this issue, unload the TUN module so that the Aventail client can function.
The following commands can help you verify whether any TUN modules are loaded, and describe how to unload them:
If logged in to WorkPlace, close the browser. If running a tunnel client, shut it down.
On the Mac, open the Terminal application from /Applications/Utilities.
Run the following command to find out if any TUN modules are loaded: kextstat -l | grep tun If there are any drivers loaded, this explains the failure of the Aventail client to load.
Unload the kernel module by running the following command. In this example, we'll assume the module was called foo.tun: kextunload -b foo.tun
Check again to make sure that there are no TUN modules loaded: kextstat -l | grep tun
For Connect Tunnel or OnDemand Tunnel, here is what kextstat reports when its TUN module is loaded. 101 0 0x170fd000 0x6000 0x5000 com.aventail.tun.kext (1.0) <12 7 5 2> Note: The module only loads when the client is running.
Third-party TUN modules may need to be manually unloaded and reloaded whenever Connect Tunnel or OnDemand Tunnel are used.