Avoid creating PPTP default routes
Authored by: scstraus on Aug 20, '04 10:35:04AM

To anyone looking to do this, I recommend using the hint directly above me (the end of the thread) rather than the one at the beginning of the thread. The one at the end is very elegant, works perfectly and gives great control. In short, it is the "right" way to do this under OS X (at least 10.3.4 on; didn't try anything in earlier versions). The original hint is more of a hack (and didn't work for me; Internet Connect complained).

Just one caveat with it. In my case the domain I wanted to VPN to was also the same one that the VPN server I wanted to connect to was in, and I was connecting by hostname. Since I copied only the private DNS addresses into the "my.vpn.com" file, it couldn't resolve the name of the VPN server, and therefore couldn't connect to get to those DNS servers. The fixes are easy and apparent. Either connect by IP address, or append your standard DNS servers to the my.vpn.com file.

Also the line where he says

/etc/ppp/peers/My_VPN:
nodefaultroute

He means create a text file with the same name as you named your VPN in Internet Connect and inside the file put only that word: "nodefaultroute".

Works great. This should be the only hint for this topic, as I said it's the right way to do it and gives you full control.

Also to the guy wondering why anyone does this, basically if you are connecting to a VPN (Virtual Private Network), Internet Connect routes all your traffic through the private network by default. This changes your IP address to the world and for me was messing up my Asterisk SIP (VoIP) PBX, as well as instant messenger and file sharing whenever I was connected to my VPN tunnel to work. Anyone who uses VPNs to get to their work servers for email or whatever needs this hint to fix the things that that tunnel default route breaks.

---
I came into this game for the action, the excitement. Go anywhere, travel light, get in, get out, wherever there's trouble, a man alone.



[ Reply to This | # ]
Avoid creating PPTP default routes
Authored by: LotzaPhunn on Sep 30, '04 04:37:01AM
This looks very promising, but I'm too much of a newbie to implement it. I was hoping it would fix the following problem: when I connect into my work VPN, I lose internet connection and am not able to access websites, use iChat, etc... I was hoping someone might take my hand and walk me through...

Then, to patch up routing you need an ip-up and an ip-down. Here, we assume that your remote network has two independent class C subnets, a.b.c1/24 and a.b.c2/24. If your remote has a single class B, you would use a.b/16, and so on.

Uh??? What the hell is a class C or a class B? How do I find out which one my Win XP box at work (which I VPN into) has?

/etc/ppp/ip-up:
#!/bin/sh
/sbin/route -n add -net a.b.c1 $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net a.b.c2 $IPREMOTE >> /tmp/ppp.log 2>&1

/etc/ppp/ip-down:
#!/bin/sh
route -n delete -net a.b.c1 $IPREMOTE >> /tmp/ppp.log 2>&1
route -n delete -net a.b.c2 $IPREMOTE >> /tmp/ppp.log 2>&1

Am I supposed to substitute $IPREMOTE with that Win XP machine's IP address? Or leave it as is?

Patching DNS is even easier. There's a special set of redirects in /etc/resolver. Add appropriate ones for your VPN.

How do I find out what the "appropriate ones for your VPN" are? Are these the same DNS servers that my work Win XP box has in its LAN properties? Anything else in this that I am supposed to substitute with my own values?? Thanks in advance!

[ Reply to This | # ]
Avoid creating PPTP default routes
Authored by: scstraus on Jan 03, '07 06:53:52AM

Yeah, he's using network admin terms. A Class C network is simply one whose subnet mask would be 255.255.255.0. So if the network was 192.168.1.0 with 255.255.255.0, it would be a class C network describing all addresses between 192.168.1.0 and 192.168.1.254.

So, you can guess what a class B is then, right? It's one with a subnet mask of 255.255.0.0. So the network of 192.168.0.0 with subnet mask 255.255.0.0 describes all addresses between 192.168.0.0 and 192.168.254.254.

Hope that helps.

I've reinstalled my machine so I'm gonna try this hint again and see if it still works on 10.4.8. The built-in VPN routing didn't do much for me.




[ Reply to This | # ]
Avoid creating PPTP default routes
Authored by: scstraus on Jan 03, '07 07:13:44AM

To clarify a bit further, in my ip-up I have

#!/bin/sh
/sbin/route -n add -net 192.168 $IPREMOTE >> /tmp/ppp.log 2>&1

because I want to route all addresses from 192.168.0.0 until 192.168.254.254 over the VPN.

Hope that helps!




[ Reply to This | # ]
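To check which destinations a set of ip-up routes like the ones above would send through the tunnel once nodefaultroute is in place, and how the 255.255.0.0 and 255.255.255.0 masks discussed in this thread map to prefix lengths, here is an added example (not written by anyone in this thread). The VPN_NETS list, the function names and the sample destinations are constructed for illustration.

```shell
#!/bin/sh
# Added example: which path does a destination take once nodefaultroute is set
# and ip-up has added net routes? VPN_NETS is a constructed sample; replace it
# with the networks your own ip-up script adds.
VPN_NETS="192.168.0.0/16 10.20.30.0/24"

# Convert a dotted quad (no leading zeros) to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Convert a dotted netmask (255.255.0.0) to a prefix length (16).
mask2prefix() {
    m=$(ip2int "$1"); bits=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        bits=$(( bits + 1 )); m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    echo "$bits"
}

# Succeeds when address $1 falls inside network $2 (CIDR notation).
in_net() {
    net=${2%/*}; len=${2#*/}
    if [ "$len" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print "vpn" if any ip-up route covers the destination, else "default".
route_for() {
    for n in $VPN_NETS; do
        if in_net "$1" "$n"; then echo vpn; return 0; fi
    done
    echo default
}

echo "255.255.0.0   = /$(mask2prefix 255.255.0.0)"
echo "255.255.255.0 = /$(mask2prefix 255.255.255.0)"
for dst in 192.168.7.20 10.20.30.5 10.20.31.5 203.0.113.10; do
    printf '%-15s -> %s\n' "$dst" "$(route_for "$dst")"
done
```

Anything reported as "default" keeps using the local connection, which is the behaviour the SIP, instant messenger and file sharing traffic mentioned earlier in the thread depends on.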
Re: Avoid creating PPTP default routes
Authored by: halesgarcia on Feb 12, '05 02:37:38PM

Also to the guy wondering why anyone does this, basically if you are connecting to a VPN (Virtual Private Network), internet connect routes all your traffic through the private network by default...

I'm using Panther 10.3.8 and VPN without customizations but I am not getting the default route changed. The default route instead remains the local public network that I was connected to before connecting to my VPN server. Has the behavior of VPN changed since these postings were written?

I'm trying to do what everyone in this thread is trying to avoid, that is, set my default route to my VPN server when I'm on a particular network.



[ Reply to This | # ]
Re: Avoid creating PPTP default routes
Authored by: ework on Feb 13, '05 09:00:55PM

This is still a problem for me with 10.3.8. I used these hints and they worked perfectly for me. You can follow these hints and create a file in /etc/ppp/peers with the option defaultroute instead of nodefaultroute. Look at the posts above to see what I mean.



[ Reply to This | # ]