What is the utun interface?
Created On 01/05/21 00:37 AM - Last Modified 01/07/21 23:52 PM
Question
What is the utun interface?
Environment
- macOS endpoints
- GlobalProtect App 5.1.4+
Answer
A "utun" is a virtual interface created by an application on macOS endpoints to interact with the system.
Beginning with macOS Catalina and GlobalProtect App 5.1.4 and later releases, we have replaced the pangpd kext with a utun interface, using the more modern system extension feature deployed by Apple.
Please see the snippets below for differences in output:
(ifconfig output while using pangpd kext)
gpd0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1400
	ether 02:50:41:00:01:01
	inet6 fe80::50:41ff:fe00:101%gpd0 prefixlen 64 scopeid 0x15
	inet 10.101.100.107 netmask 0xffffffff broadcast 10.101.100.107
	inet6 fdfa:6a1c:c7b7:dec6::100d prefixlen 128
	nd6 options=201<PERFORMNUD,DAD>
(ifconfig output while using system extensions)
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
	inet 10.85.40.243 --> 10.85.40.243 netmask 0xffffffff
	inet6 fe80::3af9:d3ff:fe69:1732%utun2 prefixlen 64 scopeid 0xd
	inet6 fdae:f7e0:9f37:64::146 prefixlen 128
	nd6 options=201<PERFORMNUD,DAD>
Note: Any installed application can create a utun interface on your macOS device; this is not limited to the GlobalProtect product.
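Because several applications may each own a utun interface, it helps to inventory every tunnel-style interface on an endpoint rather than assume one belongs to GlobalProtect. The following is an added example, not Palo Alto Networks code: the function names are hypothetical, the gpd and utun name prefixes are taken from the snippets above, and the utun0 entry in the sample is constructed.

```python
import re

# Sample input: lines from the two ifconfig snippets in this article, plus a
# constructed utun0 entry (link-local only, as another application might create).
SAMPLE = """\
gpd0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1400
\tether 02:50:41:00:01:01
\tinet 10.101.100.107 netmask 0xffffffff broadcast 10.101.100.107
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
\tinet6 fe80::1%utun0 prefixlen 64 scopeid 0xb
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
\tinet 10.85.40.243 --> 10.85.40.243 netmask 0xffffffff
\tinet6 fdae:f7e0:9f37:64::146 prefixlen 128
"""

HEADER = re.compile(r"^(\S+?): flags=[0-9a-fA-F]+<([^>]*)> mtu (\d+)")

def parse_ifconfig(text):
    """Return {name: {flags, mtu, inet, inet6, peer}} from ifconfig output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new interface block starts here
            cur = {"flags": set(m.group(2).split(",")), "mtu": int(m.group(3)),
                   "inet": [], "inet6": [], "peer": None}
            ifaces[m.group(1)] = cur
            continue
        fields = line.split()
        if cur is None or len(fields) < 2:
            continue
        if fields[0] in ("inet", "inet6"):
            cur[fields[0]].append(fields[1].split("%")[0])  # strip %scope suffix
            if "-->" in fields:  # point-to-point peer address
                cur["peer"] = fields[fields.index("-->") + 1]
    return ifaces

def tunnel_inventory(text):
    """List (name, kind, non-link-local addresses) for VPN-style interfaces."""
    out = []
    for name, i in parse_ifconfig(text).items():
        # Assumption: interface name prefixes as shown in the article's snippets.
        kind = ("utun" if name.startswith("utun") and "POINTOPOINT" in i["flags"]
                else "pangpd-kext" if name.startswith("gpd") else None)
        if kind is None:
            continue
        addrs = [a for a in i["inet"] + i["inet6"] if not a.startswith("fe80:")]
        out.append((name, kind, addrs))
    return out

if __name__ == "__main__": print(*tunnel_inventory(SAMPLE), sep="\n")
```

The interface name alone does not identify the owning application, so treat the result as a list of interfaces to attribute, for example by comparing the assigned address with the one the VPN client reports.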