I periodically need to use PPTP to access my systems inside a firewall, but want the rest of my traffic to go through my normal default route. To do this, I need to invoke pppd with the "nodefaultroute" option and have an ip-up script add a route to the private network.
The Internet Connect client provides a nice wrapper around pppd, but insists on setting all of its options on the command line, overriding those in the /etc/ppp/options file. While it is possible to ignore Internet Connect.app, with Panther it is even more attractively integrated into the interface. To keep using it, we must set the mysterious "serviceid" parameter in our pppd parameters.
[robg adds: You're on your own with this one; I'm not even going to pretend to have tested it, as it's well beyond anything I do from a network perspective.]
We must first have a working PPTP configuration for Internet Connect. Having this, we need to find the parameters it sends to pppd. To do this, use your favorite text editor (vi, pico), and create /etc/ppp/options with the following:
debug dump
The file should be owned by root and only readable by root. Having done this, connect to the VPN and examine the Connection Log window; it will contain a complete list of all parameters passed to pppd:
Thu Jan 8 22:12:37 2004 : pppd options in effect:
Thu Jan 8 22:12:37 2004 : debug # (from )
Thu Jan 8 22:12:37 2004 : nodetach # (from command line)
Thu Jan 8 22:12:37 2004 : logfile /tmp/ppp.log # (from command line)
Thu Jan 8 22:12:37 2004 : dump # (from )
Thu Jan 8 22:12:37 2004 : plugin /System/Library/SystemConfiguration/
PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp # (from command line)
Thu Jan 8 22:12:37 2004 : plugin PPTP.ppp # (from command line)
Thu Jan 8 22:12:37 2004 : optionsfd 0 # (from command line)
Thu Jan 8 22:12:37 2004 : remoteaddress ###.###.###.### # (from command line)
Thu Jan 8 22:12:37 2004 : noauth # (from command line)
Thu Jan 8 22:12:37 2004 : refuse-eap # (from command line)
Thu Jan 8 22:12:37 2004 : user ######## # (from command line)
Thu Jan 8 22:12:37 2004 : password ?????? # (from command line)
Thu Jan 8 22:12:37 2004 : noaskpassword # (from command line)
Thu Jan 8 22:12:37 2004 : serviceid B926722E-2D9E-11D8-A90F-000393B8F328
# (from command line)
Thu Jan 8 22:12:37 2004 : pptp-tcp-keepalive 60 # (from command line)
Thu Jan 8 22:12:37 2004 : mru 1500 # (from command line)
Thu Jan 8 22:12:37 2004 : mtu 1448 # (from command line)
Thu Jan 8 22:12:37 2004 : lcp-echo-failure 5 # (from command line)
Thu Jan 8 22:12:37 2004 : lcp-echo-interval 60 # (from command line)
Thu Jan 8 22:12:37 2004 : receive-all # (from command line)
Thu Jan 8 22:12:37 2004 : novj # (from command line)
Thu Jan 8 22:12:37 2004 : ipcp-accept-local # (from command line)
Thu Jan 8 22:12:37 2004 : ipcp-accept-remote # (from command line)
Thu Jan 8 22:12:37 2004 : ipparam 192.168.0.1 # (from command line)
Thu Jan 8 22:12:37 2004 : noipdefault # (from command line)
Thu Jan 8 22:12:37 2004 : defaultroute # (from command line)
Thu Jan 8 22:12:37 2004 : usepeerdns # (from command line)
Thu Jan 8 22:12:37 2004 : : # (from command line)
Thu Jan 8 22:12:37 2004 : ip-src-address-filter 2 # (from command line)
Thu Jan 8 22:12:37 2004 : +ipv6 # (from command line)
Thu Jan 8 22:12:37 2004 : ipv6cp-use-persistent # (from command line)
Thu Jan 8 22:12:37 2004 : noccp # (from command line)
Copy all of these lines (removing the timestamps) to a file in /etc/ppp/peers with a name distinct from that of the connection name in Internet Connect. I'll refer to this file as MYVPN. Edit this file to make the following changes:
- remove the "password" line
- change "defaultroute" to "nodefaultroute"
- remove the "usepeerdns" line
- remove the "nodetach" line
myname * mypassword *
Again, the file should be owned by root and readable only by root. Finally, create an ip-up script. You need a little bit of insight here, as you want to add a route to the VPN network. My VPN uses the 170.212.xxx.xxx address space, so I have:
#!/bin/sh -
# Add a route to the VPN network (170.212.xxx.xxx) via the address passed as $5
/sbin/route add -net 170.212 $5
The $5 takes the parameter set in ipparam, which should be your normal gateway. This script should be executable. Having done all of this, the connection can be brought up from the command line:
% pppd call MYVPN
and taken down by Internet Connect. Bear in mind that when you do this, you are exposing the VPN to the risk of being connected to the unwashed internet, so it probably is good to have a firewall protecting your machine.
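The peers-file edits listed above (strip the timestamps, drop "password", "usepeerdns" and "nodetach", switch "defaultroute" to "nodefaultroute") can be scripted. This is an added example, not part of the original hint; the names dump_to_peers, install_peers and SAMPLE_LOG are made up for illustration, and it assumes the timestamp format shown in the log above, rejoining the two entries that wrapped onto a second line.

```shell
#!/bin/sh
# Added example, not from the original hint. Reads the pppd "dump" section of
# the Connection Log on stdin and prints option lines for /etc/ppp/peers/MYVPN.
dump_to_peers() {
    awk '
    function emit(opt) {
        sub(/[ \t]*#[ \t]*\(from[^)]*\)[ \t]*$/, "", opt)  # drop "# (from ...)"
        if (opt == "" || opt ~ /^pppd options in effect:/) return
        split(opt, w, " ")
        # Edits listed in the hint: remove these three options ...
        if (w[1] == "password" || w[1] == "usepeerdns" || w[1] == "nodetach") return
        # ... and leave the existing default route in place.
        if (opt == "defaultroute") opt = "nodefaultroute"
        print opt
    }
    # A line starting with a timestamp begins a new option.
    match($0, /^[A-Za-z]+ [A-Za-z]+ +[0-9]+ [0-9:]+ [0-9]+ : /) {
        if (have) emit(cur)
        cur = substr($0, RLENGTH + 1); have = 1; next
    }
    # Anything else is a wrapped continuation of the previous option.
    have { cur = cur $0 }
    END { if (have) emit(cur) }
    '
}

# Write the peers file owner-only; the umask applies only if PEERFILE is new.
install_peers() {   # usage: install_peers LOGFILE PEERFILE
    ( umask 077 && dump_to_peers < "$1" > "$2" )
}

# Sample input: a few lines copied from the log above, including both wrapped ones.
SAMPLE_LOG='Thu Jan 8 22:12:37 2004 : pppd options in effect:
Thu Jan 8 22:12:37 2004 : debug # (from )
Thu Jan 8 22:12:37 2004 : nodetach # (from command line)
Thu Jan 8 22:12:37 2004 : plugin /System/Library/SystemConfiguration/
PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp # (from command line)
Thu Jan 8 22:12:37 2004 : password ?????? # (from command line)
Thu Jan 8 22:12:37 2004 : serviceid B926722E-2D9E-11D8-A90F-000393B8F328
# (from command line)
Thu Jan 8 22:12:37 2004 : defaultroute # (from command line)
Thu Jan 8 22:12:37 2004 : usepeerdns # (from command line)
Thu Jan 8 22:12:37 2004 : noccp # (from command line)'
printf '%s\n' "$SAMPLE_LOG" | dump_to_peers
```

Run install_peers as root so the resulting file is also owned by root; if the target file already exists, check its mode separately.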

