Ask the community

Mac OS Ethernet Dongles and Netskope

mdmeow12123
New Contributor III

Hi Folks,

We have a few users that have real difficulty with reestablishing connectivity via netskope when their macs come out of sleep/hibernate. The common thread between them is that they are also using dongles with ethernet connections to the internet. 

One fix that appears to help some users is turning off IPV6 ( changing to link-local) on any ethernet dongle that is attached. 

Curious if others are seeing this issue. 
Thanks!

9 Replies 9
nduda
Contributor

What version are the NSAgents? We dealt with these issues but way back around R105/106. We had to do a global JAMF disable of IPv6 at one point.

mdmeow12123
New Contributor III

Were using latest 109, this issue appeared to be a problem in 108 as well when we deployed NS in org. 

Our org is predominantly Macintosh (thousands and thousands) and we haven't seen any of these issues since R105/106. Is anything in the logs?

mdmeow12123
New Contributor III

Stuff like this:
2023/10/18 10:48:21.862277 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
2023/10/18 10:48:21.993231 stAgentNE p434 t16007 info networkMonitor.cpp:358 networkMonitor New Network Change event received
2023/10/18 10:48:21.994177 stAgentNE p434 t16007 info networkMonitor.cpp:337 networkMonitor Best route interface new ip 0.0.0.0

Netskope support is blaming the dongles, but there are no issues with NS is disabled. 


You don't happen to also use a VPN software like Global Protect/Any Connect do you?

mdmeow12123
New Contributor III

We use a version of openVPN (Pritunl). But we have at least 2 users that don't use it and are still having same issue.   The VPN client is bypassed per NS recommendations. 

roboflex
New Contributor II

Why did you ask if they were using a VPN such as GlobalProtect/AnyConnect?  Is there something that is conflicting between the two?

 

mdmeow12123
New Contributor III

Curious, are you still actively shutting off ipv6 via JAMF on your fleet?

Curious
New Contributor III

@mdmeow12123 am only disabling IPv6 on specific clients when DNS failures occur. It seems to only affect those clients using a public IPv6 address (starts with 2001:xxxx) and with some ISP's or some Android phone hotspots. For these reasons, we have not disabled IPv6 for everyone. Also, this was only reported for our Windows clients. 

Subscribe
Top Liked Authors
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In