Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Set no default route for VPN Client via PPTP/L2TP Network
It seems to be a common problem that, when connecting with Mac OS X VPN client to a VPN server, you end up with getting a default route to that server. But in some cases, you'll still want to use your original internet connection by default, and only have the routes for the remote VPN pointing to the VPN server.

I found some solutions on the net (most of them involved making a wrapper around pppd or hacking some of the system scripts), but they are neither a proper nor one-size-fits-all solution. The right way to do it is as simple as this... Put the keyword nodefaultrouter into the file /etc/ppp/peers/your-vpn-name. Then create a script called /etc/ppp/ip-up with the following contents:
#!/bin/sh
route add 10.0.0.0/8 -interface ppp0
Replace 10.0.0.0/8 with the network address of your VPN. I hope this helps.

[robg adds: I haven't tested this one.]
    •    
  • Currently 3.43 / 5
  You rated: 2 / 5 (7 votes cast)
 
[37,078 views]  

Set no default route for VPN Client via PPTP/L2TP | 5 comments | Create New Account
Click here to return to the 'Set no default route for VPN Client via PPTP/L2TP' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Set no default route for VPN Client via PPTP/L2TP
Authored by: g16l on Jun 16, '05 09:58:07AM

Or one can launch "Internet Connect", select "Options..." from the "Connect" menu and deselect "Send all traffic over VPN connection".



[ Reply to This | # ]
Set no default route for VPN Client via PPTP/L2TP
Authored by: zpjet on Jun 16, '05 11:11:14AM
... as described in this hint. it works great.

[ Reply to This | # ]
Set no default route for VPN Client via PPTP/L2TP
Authored by: avi4now on Jun 16, '05 11:13:56AM

True, but only in Tiger. This has been such a pain for VPN users that Apple actually did something about it, finally.



[ Reply to This | # ]
This could be a violation of policy!
Authored by: merlyn on Jun 17, '05 06:22:23AM
It seems to be a common problem that, when connecting with Mac OS X VPN client to a VPN server, you end up with getting a default route to that server. But in some cases, you'll still want to use your original internet connection by default, and only have the routes for the remote VPN pointing to the VPN server.
Beware, however. This may be a violation of your company's VPN usage. Not forcing all traffic to go through the company firewall (virtually through your tunneled circuit) may expose outside threats to your company's internal services via your machine.

So, before selecting this option, be sure you check with company policy.

[ Reply to This | # ]

Correction
Authored by: jms1 on Feb 23, '06 09:39:11PM
There is an error in the hint. Instead of entering
nodefaultrouter
you need to use the word
nodefaultroute
Also, this page has an expanded version of the hint, which shows how to configure static routes to be added whenever the VPN is connected- which is useful if your company's network consists of more than just a single block of IP addresses.

[ Reply to This | # ]