My company uses a VPN to provide access to cloud services for development purposes. I am unable to reach these services from VMs or devices using Internet Sharing. In both cases, those instances can reach the Internet just fine.
Here is what the routing table looks like for the VPN:
100.20.x.x 100.65.0.1 UGHS utun1
100.21.x.x 100.65.0.1 UGHS utun1
100.64/10 utun0 Uc utun0
100.65/16 100.65.0.1 UGSc utun1
If I add a custom pf rule, I can get the VM packets routed to the VPN:
nat from 192.168.66.0/24 to 100.65.0.0/16 -> (utun1)
But, inexplicably, a similar rule for 192.168.2.0/24 does nothing. Using Wireshark, I still see packets sent out the default interface, instead of being sent through utun1.
Two questions:
- Why doesn't the routing "just work" in this case? I expected that, after the NAT rules installed by the system are applied, the packets destined for 100.64.0.0/15 would be properly routed without the need for any custom rules.
- What else should I try, either to gather more data or attempt to fix the routing?
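As an added example (not part of the original question), the following script models the two lookups involved here: longest-prefix matching against a `netstat -rn`-style table, and matching a packet against a pf `nat from ... to ... -> (if)` rule. It only reproduces the route-selection and rule-match logic, so it will not explain the 192.168.2.0/24 discrepancy by itself, but it shows which egress interface each destination should select from the table in the question and whether the custom rule covers a given source. The default route, the `bridge100`/`bridge101` sharing subnets and the concrete host addresses standing in for the masked `100.20.x.x`/`100.21.x.x` entries are constructed assumptions.

```python
"""Model a BSD/macOS routing table and a pf nat rule to trace which interface
a packet from a shared subnet would leave on.  All sample data is constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in `netstat -rn` style.  The two /32 host routes stand in
# for the masked "100.20.x.x"/"100.21.x.x" entries in the question; the default
# route and the Internet Sharing subnets are assumptions.
ROUTE_TABLE = """\
default         192.168.1.1   UGSc   en0
100.20.1.2      100.65.0.1    UGHS   utun1
100.21.3.4      100.65.0.1    UGHS   utun1
100.64/10       utun0         Uc     utun0
100.65/16       100.65.0.1    UGSc   utun1
192.168.2/24    bridge100     UC     bridge100
192.168.66/24   bridge101     UC     bridge101
"""

# The custom rule from the question.
PF_NAT_RULE = "nat from 192.168.66.0/24 to 100.65.0.0/16 -> (utun1)"


def expand_bsd_prefix(dest: str) -> ipaddress.IPv4Network:
    """Turn netstat's shortened forms ("100.64/10", "default", "100.20.1.2")
    into a full IPv4Network.  BSD drops trailing zero octets, so "100.64/10"
    means 100.64.0.0/10, and a bare address is a host route (flag H)."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    if not plen:
        plen = "32"
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}", strict=False)


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    iface: str


def parse_routes(text: str) -> list[Route]:
    routes = []
    for line in text.splitlines():
        dest, gw, flags, iface = line.split()
        routes.append(Route(expand_bsd_prefix(dest), gw, flags, iface))
    return routes


def route_lookup(routes: list[Route], dst: str) -> Route:
    """Longest-prefix match: the most specific network wins, so 100.65/16
    beats 100.64/10 and a /32 host route beats both."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if ip in r.network]
    return max(candidates, key=lambda r: r.network.prefixlen)


NAT_RE = re.compile(r"nat from (\S+) to (\S+) -> \((\w+)\)")


def nat_matches(rule: str, src: str, dst: str) -> bool:
    """Does a pf 'nat from A to B -> (if)' rule match this src/dst pair?"""
    m = NAT_RE.fullmatch(rule)
    if not m:
        raise ValueError(f"unsupported rule: {rule}")
    src_net = ipaddress.ip_network(m.group(1))
    dst_net = ipaddress.ip_network(m.group(2))
    return ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net


def trace(src: str, dst: str, routes=None, rule=PF_NAT_RULE) -> dict:
    """Combine both lookups for one packet: the egress interface chosen by
    the table and whether the nat rule would cover this source/destination."""
    routes = routes or parse_routes(ROUTE_TABLE)
    r = route_lookup(routes, dst)
    return {"dst": dst, "via": r.iface, "route": str(r.network),
            "nat": nat_matches(rule, src, dst)}


if __name__ == "__main__":
    for src, dst in [("192.168.66.10", "100.65.0.5"),
                     ("192.168.2.10", "100.65.0.5"),
                     ("192.168.2.10", "100.20.1.2"),
                     ("192.168.2.10", "100.70.0.1"),
                     ("192.168.2.10", "8.8.8.8")]:
        print(src, "->", trace(src, dst))
```

Running it shows that every destination in the question's ranges already selects `utun1` (or `utun0` for the rest of 100.64/10) on the routing table alone, and that the custom rule matches only sources in 192.168.66.0/24; a rule for 192.168.2.0/24 would need its own `nat from` line. Comparing this expected egress with what `tcpdump -i utun1` actually shows is a quick way to tell a routing problem from a NAT problem.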