Coder Connect cannot reach a Coder deployment behind a VPN #201

Open
@ethanndickson

If the logged-in Coder deployment requires the use of a VPN to connect to (i.e. it is not accessible from the public web), Coder Connect times out when attempting to download the Coder Connect .dylib.

Here's an example with a Tailscale hostname:
Image

Even with the correct .dylib downloaded, subsequent requests to the Coder deployment, those necessary for Coder Connect to function, also fail.

Of note is that:

  • The Coder Desktop app is able to reach the Coder deployment. This explains why the sign-in process succeeds.
  • The Coder Connect process (com.coder.Coder-Desktop.VPN, a network system extension) is unable to reach the Coder deployment.

Initial testing would indicate that network system extensions are unable to use network interfaces created by other network system extensions.
Packets written to a UDP socket bound to some other utun<X> interface do not appear in Wireshark. When that packet is written, there are also two OS logs from the kernel:

cfil_hash_entry_log:6088 <CFIL: Error: sosend_reinject() failed>: [30685 com.coder.Coder-Desktop.VPN] <UDP(17) out so b795d11aca7c26bf 57728068503033955 57728068503033955 age 0> lport 3001 fport 3001 laddr 100.108.7.40 faddr 100.112.177.88 hash 58B15863
cfil_service_inject_queue:4472 CFIL: sosend() failed 49

Apple dev forum post: https://developer.apple.com/forums/thread/793037
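
A small triage helper for the two kernel log lines quoted above, as an added example that is not part of the original issue or of the Coder code base: it pairs each content-filter reinject failure with the `sosend()` error that follows it and reports the process and flow involved. It assumes the trailing number is a Darwin errno value and that the two lines appear in the order shown above; the function and field names are hypothetical.

```python
import ipaddress
import re

# Sample input: the two kernel log lines quoted in the issue.
SAMPLE = (
    "cfil_hash_entry_log:6088 <CFIL: Error: sosend_reinject() failed>: "
    "[30685 com.coder.Coder-Desktop.VPN] <UDP(17) out so b795d11aca7c26bf "
    "57728068503033955 57728068503033955 age 0> lport 3001 fport 3001 "
    "laddr 100.108.7.40 faddr 100.112.177.88 hash 58B15863\n"
    "cfil_service_inject_queue:4472 CFIL: sosend() failed 49\n"
)

FLOW_RE = re.compile(
    r"cfil_hash_entry_log:\d+ <CFIL: Error: (?P<error>[^>]+)>: "
    r"\[(?P<pid>\d+) (?P<proc>[^\]]+)\] "
    r"<(?P<proto>\w+)\(\d+\) (?P<direction>in|out) .*?> "
    r"lport (?P<lport>\d+) fport (?P<fport>\d+) "
    r"laddr (?P<laddr>\S+) faddr (?P<faddr>\S+)"
)
ERRNO_RE = re.compile(r"cfil_service_inject_queue:\d+ CFIL: sosend\(\) failed (?P<errno>\d+)")

# Assumption: the trailing number is a Darwin errno (values from <sys/errno.h>).
DARWIN_ERRNO = {1: "EPERM", 13: "EACCES", 49: "EADDRNOTAVAIL",
                51: "ENETUNREACH", 65: "EHOSTUNREACH"}

# 100.64.0.0/10 is the CGNAT range that Tailscale assigns node addresses from.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def parse_cfil(text):
    """Return one record per failed reinject, paired with the sosend() errno after it."""
    records = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("pid", "lport", "fport"):
                rec[key] = int(rec[key])
            rec["errno"] = rec["errno_name"] = None
            rec["dest_in_cgnat"] = ipaddress.ip_address(rec["faddr"]) in CGNAT
            records.append(rec)
            continue
        m = ERRNO_RE.search(line)
        if m and records and records[-1]["errno"] is None:
            code = int(m["errno"])
            records[-1]["errno"] = code
            records[-1]["errno_name"] = DARWIN_ERRNO.get(code, "unknown")
    return records

if __name__ == "__main__":
    for r in parse_cfil(SAMPLE):
        print(r["proc"], r["proto"], r["laddr"], "->", r["faddr"], r["errno_name"])
```
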
