Another Solution Using PPP and Resolver
Authored by: ework on Feb 13, '05 09:47:46PM

Hey everyone, here's another solution I came up with after following some hints in this forum. This script requires creating only two new files, no other modifications needed to existing files. It works correctly with OS X, using PPP like it was intended to be used, and taking advantage of /etc/resolver for domain-based DNS lookups. (Some applications might not support resolver, so in that case you will have to modify /etc/resolv.conf instead.)

The first file you need to create is /etc/ppp/peers/VPN_Connection where VPN_Connection is the exact name of the connection you created in Internet Connection. I had some problems when renaming a connection I made previously. Delete and recreate your connection if you have problems. The contents of the file are below.

[ /etc/ppp/peers/VPN_Connection ]
ipparam {DOMAIN_NAME}
nodefaultroute

The first line is the domain suffix for your VPN. If you don't need a domain suffix (or don't care) then you will have to modify these files accordingly, or use another solution in this forum. The next file you need to create is /etc/ppp/ip-up (and /etc/ppp/ip-down through a symlink to ip-up) with chmod 755. The contents of this file are below.

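[ /etc/ppp/ip-up ]
#!/bin/sh
# pppd runs this script as root. $6 is the ipparam value; IPLOCAL, IPREMOTE,
# DNS1 and DNS2 are environment variables set by pppd.

DOMAIN=$6
# First three octets of the local address (a /24 network)
NETMASK=`echo "$IPLOCAL" | awk -F. '{OFS = "."}{print $1,$2,$3}'`
# The same octets reversed, for the in-addr.arpa zone name
REVERSE=`echo "$IPLOCAL" | awk -F. '{OFS = "."}{print $3,$2,$1}'`

if [ `basename "$0"` = "ip-up" ] ; then
    # Connect: route the VPN network and create the forward and reverse resolver files
    /sbin/route -n add -net "$NETMASK" "$IPREMOTE"
    echo "search $DOMAIN" > "/etc/resolver/$DOMAIN"
    echo "nameserver $DNS1" >> "/etc/resolver/$DOMAIN"
    # Skip the second nameserver line when the peer supplied only one
    [ -n "$DNS2" ] && echo "nameserver $DNS2" >> "/etc/resolver/$DOMAIN"
    ln -s "$DOMAIN" "/etc/resolver/$REVERSE.in-addr.arpa"
else
    # Disconnect (called through the ip-down symlink): undo everything above
    /sbin/route -n delete -net "$NETMASK" "$IPREMOTE"
    rm -f "/etc/resolver/$DOMAIN"
    rm -f "/etc/resolver/$REVERSE.in-addr.arpa"
fi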

As you can see, this script will handle both connects and disconnects (with the use of a symlink). Read "man pppd" for the command line arguments and variables available in this script, if you feel like modifying it ($6 is the value set above by ipparam). You will also need to change the number of octets used in the netmask for your network. Here I have 255.255.255.0 or /24. If you have a dial-up PPP connection, put an if block around the code and pass a new ipparam specific to your dial-up connection (create a file like above in the peers directory for your dial-up connection). I had no need for this so I didn't include it here, but would like to mention it.

Now after you connect you can verify the routing by using "netstat -nr". Also if you would like, look in /etc/resolver for two new files representing the forward and reverse lookup zones for your VPN domain. If you find things incorrect tweak the script.

Known issue:
Although I put the domain name as a search option in my resolver file, it has no effect unless it's in resolv.conf (which makes sense, because it doesn't know which domain name to guess). Ex. "ping computer.domain" will resolve but not "ping computer". I might try having the script patch the search line into /etc/resolv.conf, who knows.

I hope this helps someone out there. Feel free to reply if you have any suggestions, I made an error, or left something out.

Eric
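
Added example, not part of ework's post: the script above uses `$6` as a file name under /etc/resolver while running as root and hard-codes three octets for a /24. This sketch validates those inputs and derives the route prefix and reverse zone for one to three octets; all function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): input checks and prefix helpers
# for an ip-up style script. Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a hostname-style domain: letters, digits, '-' and '.',
# so it contains no '/' and is safe as a file name in /etc/resolver.
valid_domain() {
    case "$1" in
        ""|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Print the first N octets of the address in $1 (N=$2: 1 -> /8, 2 -> /16, 3 -> /24).
net_prefix() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$old_ifs
    case "$5" in
        1) echo "$1" ;;
        2) echo "$1.$2" ;;
        3) echo "$1.$2.$3" ;;
        *) return 1 ;;
    esac
}

# Print the reverse zone name covering the same N octets.
reverse_zone() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$old_ifs
    case "$5" in
        1) echo "$1.in-addr.arpa" ;;
        2) echo "$2.$1.in-addr.arpa" ;;
        3) echo "$3.$2.$1.in-addr.arpa" ;;
        *) return 1 ;;
    esac
}

# Constructed sample values, not from the post:
valid_domain "corp.example" && echo "$(net_prefix 10.20.30.40 2) $(reverse_zone 10.20.30.40 2)"
```

In an ip-up script these checks would run on `$6`, `$IPLOCAL`, `$DNS1` and `$DNS2` before anything is written to /etc/resolver or passed to /sbin/route.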



Another Solution, Problem Resolved
Authored by: ework on Feb 13, '05 11:54:09PM

Ok, I worked up a solution for that known issue from before. I found that if I change the domain option in resolv.conf it allows me to do "ping computer.domain". The new script below, when you connect, will comment out your old domain directive and append a new one. When you disconnect it will remove the new domain directive and uncomment the old one. This eliminates the need to copy the file to a temporary location and copy it back when finished.

[ /etc/ppp/ip-up ] (symlink to /etc/ppp/ip-down)
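#!/bin/sh
# pppd runs this script as root. $6 is the ipparam value; IPLOCAL, IPREMOTE,
# DNS1 and DNS2 are environment variables set by pppd.

DOMAIN=$6
NETMASK=`echo "$IPLOCAL" | awk -F. '{OFS = "."}{print $1,$2,$3}'`
REVERSE=`echo "$IPLOCAL" | awk -F. '{OFS = "."}{print $3,$2,$1}'`

if [ `basename "$0"` = "ip-up" ] ; then
    /sbin/route -n add -net "$NETMASK" "$IPREMOTE"
    # Read the whole file into a variable before writing it back: redirecting a
    # pipeline that reads /etc/resolv.conf straight into /etc/resolv.conf
    # truncates the file before it is read.
    NEW=`sed 's/^domain/#domain/' /etc/resolv.conf`
    printf '%s\n' "$NEW" > /etc/resolv.conf
    echo "domain $DOMAIN" >> /etc/resolv.conf
    echo "nameserver $DNS1" > "/etc/resolver/$DOMAIN"
    # Skip the second nameserver line when the peer supplied only one
    [ -n "$DNS2" ] && echo "nameserver $DNS2" >> "/etc/resolver/$DOMAIN"
    ln -s "$DOMAIN" "/etc/resolver/$REVERSE.in-addr.arpa"
else
    /sbin/route -n delete -net "$NETMASK" "$IPREMOTE"
    # Drop the directive added on connect (anchored with ^ so the commented-out
    # original survives), then uncomment the original
    NEW=`grep -v "^domain $DOMAIN" /etc/resolv.conf | sed 's/^#domain/domain/'`
    printf '%s\n' "$NEW" > /etc/resolv.conf
    rm -f "/etc/resolver/$DOMAIN"
    rm -f "/etc/resolver/$REVERSE.in-addr.arpa"
fi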

Eric


