Avoid creating PPTP default routes
Authored by: scstraus on Jan 03, '07 08:07:58AM

The tiger stuff didn't work for me, as I had multiple domains needed and it wouldn't resolve a lot of the names of stuff I need for VPN. I needed greater control, so I'm still using the hint halfway down the comments which I said earlier works perfectly. I am using it on 10.4.8.

I'll describe it here for newbies, because I think it's useful:

Let's assume you work for yahoo.com and you want to route all traffic to your internal network at 192.168.0.0-192.168.254.254 to your private network at yahoo.com and you want all name resolution at yahoo.com to go through the private nameservers there.

Step 1 - Ping your PPTP server, find its IP address, and use that in your PPTP settings in Internet Connect (don't use the hostname). This bypasses DNS lookup when your VPN server is in the same domain as the one you're trying to use private DNS lookup for (since the private DNS servers won't be available when you are connecting to them).

Step 2 - Connect to your existing VPN without any modification

Step 3 - Copy /etc/resolv.conf to /etc/resolver/yahoo.com (where yahoo.com is the domain you want to resolve using the VPN's DNS servers).

Step 4 - Disconnect from your VPN

Step 5 - type the following command:

cat /etc/resolv.conf

Copy the resulting output to the end of the file /etc/resolver/yahoo.com that you made earlier. This allows for DNS lookup to use your standard resolvers should the private ones not be available for that domain (such as when your VPN server is in the same domain).

Step 6 - Say you've used Internet Connect to create a new VPN 'My_VPN' (yes, that underscore is important). To suppress default route allocation, create a file called

/etc/ppp/peers/My_VPN

Inside that file, put only the line

nodefaultroute

You can't put this in the global options (/etc/ppp/peers) because a configuration error results.

Step 7 -
Then, to patch up routing you need an ip-up script file and an ip-down script file. Here, we assume that you want to route all traffic between addresses 192.168.0.0 and 192.168.254.254 over the VPN, and also all traffic between 10.10.10.0 and 10.10.10.254.

Create the file /etc/ppp/ip-up and include the following lines:

#!/bin/sh
# pppd exports IPREMOTE (the peer's address) to this script when the link comes up
/sbin/route -n add -net 192.168 "$IPREMOTE" >> /tmp/ppp.log 2>&1
/sbin/route -n add -net 10.10.10 "$IPREMOTE" >> /tmp/ppp.log 2>&1

Now create the file /etc/ppp/ip-down and include the following lines:

#!/bin/sh
# Full path to route, as in ip-up: pppd may run this script without a usable PATH
/sbin/route -n delete -net 192.168 "$IPREMOTE" >> /tmp/ppp.log 2>&1
/sbin/route -n delete -net 10.10.10 "$IPREMOTE" >> /tmp/ppp.log 2>&1

Don't forget to make them both executable by entering the command

chmod +x /etc/ppp/ip-up /etc/ppp/ip-down

Step 8 - Sit back and enjoy watching all your filesharing and porn downloads go over your standard internet connection while only work related stuff goes over the VPN.

---
I came into this game for the action, the excitement. Go anywhere, travel light, get in, get out, wherever there's trouble, a man alone.



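A check for the result of the steps in the comment above, as an added example that is not part of the original post: it reads `netstat -rn` output and confirms that the default route stays off the ppp interface while the two VPN networks are routed over it. The function names and both sample routing tables are constructed for illustration, and the column layout of the samples is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): verify a split-tunnel routing table.
# stdin: `netstat -rn` output; arguments: prefixes given to `route add -net`.
check_split_routes() {
    awk -v want="$*" '
        # Drop "/mask" and trailing ".0" so 192.168 and 192.168.0/16 compare equal
        function norm(d) {
            sub(/\/.*/, "", d)
            while (d ~ /\.0$/) sub(/\.0$/, "", d)
            return d
        }
        # True when any column after the destination names a ppp interface
        function via_ppp(   i) {
            for (i = 2; i <= NF; i++) if ($i ~ /^ppp[0-9]+$/) return 1
            return 0
        }
        BEGIN { n = split(want, nets, " ") }
        $1 == "default" && via_ppp() { bad_default = 1 }
        via_ppp() { for (k = 1; k <= n; k++) if (norm($1) == norm(nets[k])) seen[k] = 1 }
        END {
            if (bad_default) { print "FAIL: default route goes over ppp"; exit 1 }
            for (k = 1; k <= n; k++)
                if (!seen[k]) { print "FAIL: no ppp route for " nets[k]; exit 2 }
            print "OK: default route stays local, VPN networks use ppp"
        }'
}

# Constructed sample: table after connecting with nodefaultroute and ip-up in place
sample_split() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.20.0.1         UGSc       12        3    en0
10.10.10/24        10.99.0.1          UGSc        0        0   ppp0
10.99.0.1          10.99.0.2          UH          2        0   ppp0
127.0.0.1          127.0.0.1          UH          9     1234    lo0
192.168.0/16       10.99.0.1          UGSc        0        0   ppp0
EOF
}

# Constructed sample: table when the VPN has taken over the default route
sample_full() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.99.0.1          UGSc       12        3   ppp0
10.99.0.1          10.99.0.2          UH          2        0   ppp0
127.0.0.1          127.0.0.1          UH          9     1234    lo0
EOF
}

sample_split | check_split_routes 192.168 10.10.10
```

On a connected machine, pipe the live table in instead: `netstat -rn | check_split_routes 192.168 10.10.10`.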