sharing internet/vpn with murus, can't access over https

Post by kainotes » Wed Feb 28, 2018 9:56 pm

I am sharing my internet connection / IKEv2 VPN connection over pf via Murus static NAT. My network architecture is as follows:

internet modem ->
wired router (serving ->
Mac mini ( -> ((en4) ) ->
airport extreme ( (DHCP, no NAT, serving

I am sharing my internet / vpn connection via `en4` to ``. Sharing internet works. Sharing the VPN works. I am doing DNS resolution on the router and not forwarding DNS requests through pf.


However, certain sites (namely will not load. Other https sites will. `ping` works fine on client and server. It resolves to different ip addresses on each, although both connections are behind the same VPN and use the same DNS servers.

`curl` of course yields a `301`. `curl` works fine on the server, but `curl -v` on the client yields the following if you wait long enough:

```
stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
```

The browser just times out. Both are running `LibreSSL 2.2.7`.

Wireshark output for the client and its preferred Google IP is pretty colorful, although unintelligible:


Strangely enough, the Safari browser seems to be using the server's Google IP and doesn't show up in this filter (this is from a `curl` request).

I have had this working in the past, and am trying again with a different router and one less layer of NAT. I can't say it's always been snarl-free, but I was definitely able to browse sites like with the shared VPN connection.

It should be noted that turning off the VPN causes the shared internet connection to work just fine.

What next steps do I need to take to figure out why some `https` connections don't work, and to get this network fully functional?
