
icy-garage-31078

08/23/2022, 2:22 PM
I'm not positive on this, but I'm hoping I'm correct. I'm using Rancher Desktop on my work computer, IT Managed and all that Jazz. One issue I'm having is that due to the way the VPN is set up, I keep having connectivity issues with Rancher Desktop. It's worth noting that my personal computer is the exact same as my work computer, but I have no issues. The big issue I get is that the 127.0.0.1 binding seemingly fails at times. While I'm not positive, I believe this is in part due to the fact that A) I must be connected to the VPN for everything else to work without issue, and B) the VPN is pushing all traffic for the IP range across the VPN, when my local network fails in said IP range. I believe this is causing some mishaps in getting connected properly as the VPN is effectively forwarding the connection instead of processing it locally.

wide-mechanic-33041

08/23/2022, 2:23 PM
assuming windows?

icy-garage-31078

08/23/2022, 2:24 PM
osx actually

wide-mechanic-33041

08/23/2022, 2:26 PM
hmm route table for windows/hyperv is shared with the host so vpns can be fun. macos has the VM so not as much vpn impact.
could it be a proxy setting where localhost is not in the no_proxy?

icy-garage-31078

08/23/2022, 2:32 PM
I'm not sure I understand the last question. If I am, then bear in mind that the 127.0.0.1 (as I understand it) is basically just a proxy to the actual VM. IE: I can see the VM in my DHCP Server Lease.

wide-mechanic-33041

08/23/2022, 2:33 PM
so the VM is bridged out to your physical network instead of NAT’d?
127.0.0.1 is just the loopback to any ports on your machine so if you have a proxy configured and 127.0.0.1 was not excluded you could have a config that is sending your local traffic to a proxy that can’t process the request

quick-keyboard-83126

08/23/2022, 2:42 PM
You might look into `sudo pfutil -s ...` -- No guarantees, I'm not particularly familiar w/ `pf` (you'll want to look at `man pfutil`)

icy-garage-31078

08/23/2022, 2:57 PM
I'm not familiar with `pfutil`, nor am I finding any manual entries for it (google or local). Is there a more formal name?

quick-keyboard-83126

08/23/2022, 2:58 PM
what version of macOS?

icy-garage-31078

08/23/2022, 2:58 PM
12.2.1

quick-keyboard-83126

08/23/2022, 2:58 PM
oops, `pfctl`, sorry, brainfart
(macOS apps are often `*util`, but this is a bsd app, and thus it's `*ctl`)

icy-garage-31078

08/23/2022, 3:03 PM
I do have pfctl. I will do some research on it when I have the opportunity. Sadly most of my day today is meetings. Thank You

quick-keyboard-83126

08/23/2022, 3:05 PM
You'll want to do things where you can compare the output between the work and personal computers. Having two should make things easy to identify. Good luck. And I'd love to hear if I'm right that things show up (or if I'm wrong and things don't)

icy-garage-31078

08/24/2022, 12:37 PM
I'm not entirely positive, but I believe you are correct. After running the dump script as documented on <https://apple.stackexchange.com/questions/312400/pfctl-howto-add-an-anchor-and-make-it-active-load-it>, I was able to see all the rules the VPN is putting in place compared to without it, and I can see rules like `block drop out log quick on en8 inet proto udp from [ip] to any port = 53 ! tagged cisco_anyconnect_vpn_pass`, which is blocking basic DNS requests to even my firewall. I've not had a chance to compare it to my personal computer yet, but good to have some direction.

powerful-elephant-25838

09/22/2022, 8:04 AM
@quick-keyboard-83126 I have the same quirks on connectivity with docker using RD on windows 10/11 in a mixed approach VPN enterprise proxy etc
in going to our internal registry
is there a place where the information on the enterprise proxy could have been written in the WSDL or rancher desktop parts and now when we are on a network that is not able to reach the proxy we are stuck?