Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Access VPN and Internet at the same time Internet
Tiger only hintOver the past two years, folks have published a few tips here on how to hack Internet Connect so that you can access your office via the VPN and the internet at the same time. Now Tiger has finally dispensed with all that, and allows you to do this out of the box.

Simply open Internet Connect, select Options from the Connect menu, uncheck 'Send all traffic over VPN connection,' and press OK. You're done! For reference, here are the two most used articles about how to hack this from the past few years:

Avoid creating PPTP default routes
A script to provide VPN split routing via PPPTP
    •    
  • Currently 3.00 / 5
  You rated: 3 / 5 (4 votes cast)
 
[36,133 views]  

10.4: Access VPN and Internet at the same time | 11 comments | Create New Account
Click here to return to the '10.4: Access VPN and Internet at the same time' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Access VPN and Internet at the same time
Authored by: james968 on May 04, '05 12:12:49PM

This can be configured on the server side (OS X Server). (Unfortunately Windows ignores this setting), but the mac was fine with it since 10.3.




[ Reply to This | # ]
10.4: Access VPN and Internet at the same time
Authored by: beedee on May 05, '05 03:22:01AM

I've been depserate for a solution to the "no internet w/vpn" problem, as my company has rapidly been adding crucial workflow services that are vpn-only. Thankfully, this hint worked for me, with one caveat... I guess my company's vpn server does not have a dns running, or at least it's not compatible with this setting, because I got nothing when i tried to go to intranet.mycompany.com, which usually worked w/10.3's vpn.

On a hunch, I re-connected to the vpn server w/"Send all traffic..." checked, and pinged intranet.mycompany.com to get the IP address. I added the IP and the domain to my /etc/hosts file, disconnected, unchecked the option, reconnected, and viola!

So if anyone else was initially discouraged to find that this hint didn't actually work, give this a shot and you should be as happy a camper as I am.



[ Reply to This | # ]
10.4: Access VPN and Internet at the same time
Authored by: parnold on May 06, '05 03:06:23PM

This does seem to be better in some ways, but echoing the previous comment, it doesn't use the DNS server on the VPN side unless you route all traffic over the VPN connection. Anyone have a trick for getting the mac to use one DNS server when the VPN connection is active and another at all other times? My company has many different servers that I need to connect to on a regular bases, so to duplicate all of that information in my /etc/hosts file isn't very practical. (Plus, some of the servers change IP addresses frequently.)

I tried to reuse the same hack I used in 10.3 (the fix_vpn_routing.pl script), but set-hostname is no longer in the SystemConfiguration Kicker bundle. Any suggestions?



[ Reply to This | # ]
You can use remote DNS - here's how
Authored by: emarmite on May 18, '05 11:38:02AM
There are several problems with putting static entries in your hosts file. I used to find myself always checking in via Remote Desktop with a known windows server to look up addresses. Fortunately, there is a way to use local DNS servers.

There is a mechanism called 'resolver' where you can specify custom DNS settings for individual domain names.

You'll need to open Terminal to carry out these instructions, and to know the name of the domain you want to look up domain names on. For this example, I'll use 'acme.com', just replace it with your company's internal TLD.

(1) Create a directory as root called 'resolver' in /etc/

sudo mkdir /etc/resolver

(2) Now create a file named after your internal network's domain name with '.x' on the end. For the example, I'm using 'acme.com', change this to your name

sudo pico /etc/resolver/acme.com.x

This is important: if you name it 'acme.com' without the .x, OSX will *always* use these DNS settings. We're going to do a little trick to activate & deactivate the settings every time you connect to your VPN.

(3) Put the following settings into this file:

search acme.com
nameserver 192.168.0.1
nameserver 192.168.0.2


Change 'acme.com' to your internal domain name. You can get the nameserver addresses by typing the following the next time you are actually in the office:

cat /etc/resolver.conf

Other options include: asking your sysadmin nicely; connect to a known Windows box using Remote Desktop and typing 'ipconfig /all' in a Command Prompt.

(4) Now here's the magic: we're going to edit /etc/ppp/ip-up and /etc/ppp/ip-down to activate and deactivate the domain names each time you connect & disconnect.

sudo pico /etc/ppp/ip-up

ip-up should contain the following:

#!/bin/sh
cp /etc/resolver/acme.com.x /etc/resolver/acme.com > /tmp/ppp.log 2>&1


Now for ip-down:

sudo pico /etc/ppp/ip-down

which should contain the following:

#!/bin/sh
rm -f /etc/resolver/acme.com.x > /tmp/ppp.log 2>&1


(5) Final step (important!): get the permissions right

sudo chmod +x /etc/ppp/ip-up
sudo chmod +x /etc/ppp/up-down


Now give it a try. When you connect, a second file should appear in resolver called 'acme.com', and this should disappear when you disconnect. Check /tmp/ppp.log for more details if you have any problems.

Good luck!



[ Reply to This | # ]
minor correction
Authored by: tsanders on May 21, '05 05:44:03PM
I suspect that in the ip-down script you want to remove /etc/resolver/acme.com and not acme.com.x

#!/bin/sh
rm -f /etc/resolver/acme.com > /tmp/ppp.log 2>&1


[ Reply to This | # ]
minor correction - thx
Authored by: emarmite on May 26, '05 09:29:12PM

Yes, that's right, thx :-)



[ Reply to This | # ]
You can use remote DNS - here's how
Authored by: MorganizeIT on Sep 30, '05 05:33:31PM
This works perfectly! I no longer have to choose between *either* using static IPs for all the machines on the VPN *or* routing all my traffic through the VPN connection. On another note, I've also added a line to the ip-up script to lower the mtu for pptp connections. I'm hoping this will cure the instability of smb shares and remote desktop over the vpn:
ifconfig ppp0 mtu 700
700 is the mtu size used by DigiTunnel (a third party VPN client) so I figure it's a good place to start.

[ Reply to This | # ]
You can use remote DNS - here's how
Authored by: MorganizeIT on Sep 30, '05 06:50:49PM
Correction:
ifconfig ppp0 mtu 1200 > /dev/null


[ Reply to This | # ]
10.4: Access VPN and Internet at the same time
Authored by: tonyboy on May 16, '05 12:49:35PM
For some, the split-routing option provided in 10.4 (i.e.: unchecking the "Send all network traffic through VPN...") option is good, but not ideal.

What Tiger does when you uncheck this box is that it sends only traffic aimed at the VPN's address through the VPN, and everything else through your ISP's router.

If you need to route more traffic through the VPN, you can do so by using the fix_vpn_script.sh provided in the Panther hint referenced above.

You won't be able to include a call to this script via the /System/Library/SystemConfiguration/Kicker.bundle/Resources/set-hostname file (which is absent in Tiger), but instead, you can create a file named /etc/ppp/ip-up and place the entire script there! Once the script is in place, make sure that you make the file executable by root (chmod a+x /etc/ppp/ip-up).

The next time you connect to the VPN, your routing tables will be expanded by the script you've just installed.

Good luck!

[ Reply to This | # ]

10.4: Access VPN and Internet at the same time
Authored by: alixir_1 on Jun 13, '05 09:10:05AM

I simply cannot find this option in Tiger! Looked to see if the upgrade I did from Panther was the reason, but no, this option "send all network traffic through VPN" does not exist for me......

Is it hidden? Please could you provide some exact instructions to find it?

The only "options" pane I can find for the VPNs is for "VPN on demand"..

Cheers!!!



[ Reply to This | # ]
10.4: Access VPN and Internet at the same time
Authored by: zpjet on Jun 16, '05 11:14:36AM

are you sure you're looking for it at the right place? it is in menu "Connect", menu item "Options..."



[ Reply to This | # ]