OS X >10.6.5 DNS Lookup Order with VPN

In my case, FQDN requests weren't resolving to the correct internal address. Instead, they were pointing to the external address.

I connect to my Cisco ASA via IPsec. While the order is set up correctly in the network connection settings, the DNS requests have not followed that order since updating to 10.6.5.

To work around it, I manually assigned the DNS server for my VPN to the AirPort connection (since I'm wireless). After I'm done with the VPN connection, I remove the manually added DNS address.


To stop OS X 10.8 from creating a default route to your VPN connection, open Internet Connect (in Applications). Choose Options from the Connect menu, then uncheck the "Send all traffic over VPN connection" option. Click OK, and you're done.

To make a custom route to the subnet on the other side of the VPN connection, read the rest of the hint...

As root, create /etc/ppp/ip-up, and put in the following code:

#!/bin/sh
# When the ppp link comes up, pppd calls this script with the following
# parameters:
#       $1      the interface name used by pppd (e.g. ppp3)
#       $2      the tty device name
#       $3      the tty device speed
#       $4      the local IP address for the interface
#       $5      the remote IP address
#       $6      the parameter specified by the 'ipparam' option to pppd

DEBUGFILE=/tmp/ip-up-debug.txt
## echo "1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" > "$DEBUGFILE"
# First three octets of the remote address; this is what tells the VPNs apart
NET=`echo "$5" | cut -d. -f1,2,3`
## echo "$NET" >> "$DEBUGFILE"

# OS X route(8) syntax is: route add -net <network> <gateway> <netmask>
# (the Linux "netmask ... gw ..." form is not accepted here)
case "$NET" in
     192.168.3)
     ## echo "CASE1" >> "$DEBUGFILE"
     RESULT=`/sbin/route add -net 192.168.30.0 "$5" 255.255.255.0`
     ## echo "$RESULT" >> "$DEBUGFILE"
     ;;
     192.168.2)
     ## echo "CASE2" >> "$DEBUGFILE"
     RESULT=`/sbin/route add -net 192.168.20.0 "$5" 255.255.255.0`
     ## echo "$RESULT" >> "$DEBUGFILE"
     ;;
     192.168.1)
     ## echo "CASE3" >> "$DEBUGFILE"
     RESULT=`/sbin/route add -net 192.168.10.0 "$5" 255.255.255.0`
     ## echo "$RESULT" >> "$DEBUGFILE"
     ;;
     *)
     ## echo "No match" >> "$DEBUGFILE"
     ;;
esac

Notes:

  1. Once you create the file, do a chmod u+x /etc/ppp/ip-up.
  2. The $5 variable is your remote IP address (your IP address on the remote network).
  3. In the first case statement, change the 192.168.x entry to the first three octets of your remote network. In this instance, the remote IP is 192.168.3.1, and the remote network is 192.168.30.0/24 (the remote VPN box is doing the routing -- this is so SAMBA will work without needing to proxy ARP).
  4. Uncomment (remove the ##'s) from the debug lines to see what this script is doing. Output will be written to the /tmp/ip-up-debug.txt file. Remember to put the ##'s back in when you are done testing.
  5. This script has options for three different VPN connections. Just change the 192.168.x entries to the different network addresses of your different VPNs.
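As an added example (not the hint's own script), here is a hardened variant of the same ip-up hook: it checks that the pppd-supplied remote address in $5 is a plain dotted quad before it reaches the root-run route command, keeps the three prefix-to-subnet cases from the hint in one table, and exposes the route it would run as a function so it can be tested without touching the routing table. The function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened /etc/ppp/ip-up. Function names are assumptions;
# the three prefix-to-subnet cases are the ones from the hint above.

# is_ipv4 ADDR: succeed only for a plain dotted quad with octets 0-255
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# vpn_subnet_for REMOTE_IP: print "network netmask" of the subnet behind the
# VPN peer whose address starts with this /24 prefix; fail if unknown/malformed
vpn_subnet_for() {
    is_ipv4 "$1" || return 1
    case "${1%.*}" in
        192.168.3) echo "192.168.30.0 255.255.255.0" ;;
        192.168.2) echo "192.168.20.0 255.255.255.0" ;;
        192.168.1) echo "192.168.10.0 255.255.255.0" ;;
        *) return 1 ;;
    esac
}

# route_cmd_for REMOTE_IP: the OS X route(8) command ip-up will run,
# in the form "route add -net <network> <gateway> <netmask>"
route_cmd_for() {
    subnet=$(vpn_subnet_for "$1") || return 1
    set -- $subnet "$1"
    echo "/sbin/route add -net $1 $3 $2"
}

# When pppd invokes this file, $5 is the remote address; with no arguments
# (e.g. sourced for testing) nothing is executed
if [ -n "$5" ]; then
    cmd=$(route_cmd_for "$5") || exit 0   # unknown or bad peer: add no route
    $cmd
fi
```

A peer address that is not a dotted quad, or one outside the three known prefixes, results in no route being added rather than an unvalidated string reaching route(8).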
