I also have an open support call on this with both vendors (NetMotion and BigFix) but thought that it might be beneficial to post on the forum and see if anyone has had this same situation and if there was a resolution for it.
We have 3 VPN applications in our environment that differ depending on the use case. Two of them work for BigFix relay selection. One of them (NetMotion Mobility) doesn’t appear to even attempt the relay selection over the VPN tunnel. I can watch in Wireshark captures while capturing traffic on every interface on my machine and there is no ICMP traffic, even though I can see in the debug log that it’s sending pings.
I have sent the Wireshark captures over to support but I’m hoping that someone out there has experienced this in the past and might have a recommendation. We don’t know how long this has been happening. It’s very likely that it’s been a long time, because we’ve had very high client counts on our root server for a long while and just correlated it to these VPN clients that are primarily split up between our root server and the fallback server that is configured in the manifest.
It’s also important to note that ICMP isn’t blocked. I can communicate directly with the relays over ping and traceroute when I do it from the command line, and those show up in the Wireshark capture, just not the ones that are coming from BigFix. It’s almost like BigFix isn’t recognizing the interface that NetMotion VPN uses when it sends out the ping for the relay selection.