MAC OSX 10.6 configd overwrites DNS and routing from OpenVPN

Bradley Giesbrecht brad at pixilla.com
Sun Feb 7 10:25:56 PST 2010


Have you looked into networksetup?

man networksetup


// Brad

On Feb 7, 2010, at 5:51 AM, Michael Hieb wrote:

> Apologies if this is covered elsewhere. I've looked and found no  
> definitive answers.
>
> Problem:
>
> Using standard install macports openvpn2: OpenVPN creates a tunnel  
> on a virtual network interface tap0 which is configured via DHCP.  
> Once up, a script is called to update the routing tables and set DNS.  
> On Linux and Windows this works and is very stable because static  
> routing configurations are employed. On Mac OS X v10.6 routing  
> configurations are dynamic and managed by configd. Once the virtual  
> interface comes up the routing tables and DNS can be changed, but  
> after a short while, configd will come along and change the routing  
> and DNS configurations and break the VPN.
>
> This is covered in some detail in this article.
> http://www.afp548.com/article.php?story=20041015131913324
>
> Question: How to write the DNS and routing entries into preferences  
> at the time OpenVPN comes up so that they will persist when configd  
> updates the system?
>
> Details:
>
> 1. Commands used by OpenVPN script to update the routing table and DNS
>
> /usr/sbin/ipconfig set "$dev" DHCP
>
> /usr/sbin/scutil <<EOF
> d.init
> get State:/Network/Service/DHCP-$dev/DNS
> d.add SupplementalMatchDomains * $domain_name
> set State:/Network/Service/DHCP-$dev/DNS
> EOF
>
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 192.168.120.1 192.168.1.1 255.255.255.255
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 192.168.120.1: gateway 192.168.1.1
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route delete -net 0.0.0.0 192.168.1.1 0.0.0.0
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: delete net 0.0.0.0: gateway 192.168.1.1
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 0.0.0.0 192.168.110.1 0.0.0.0
> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 0.0.0.0: gateway 192.168.110.1
>
> 2. Everything looks good for a few minutes
>
> MacBook-Pro:~ user$ netstat -r
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs    Use  Netif Expire
> default            192.168.110.1      UGSc       0      0  tap0
> default            192.168.110.1      UGScI     41     88  tap0
> 127                localhost          UCS        0      0  lo0
> localhost          localhost          UH         0      0  lo0
> 169.254            link#5             UCS        0      0  en1
> 192.168.1          link#5             UC         1      0  en1
> 192.168.1.1        0:1e:e5:86:79:22   UHLWI      1     17  en1   1187
> 192.168.1.101      localhost          UHS        0      0  lo0
> 192.168.110        link#7             UCS        2      0  tap0
> 192.168.110.1      0:17:3f:9b:e3:e2   UHLWI     43      8  tap0  1182
> 192.168.110.3      0:1c:c0:f:90:3b    UHLWI     12 137213  tap0   454
> 192.168.110.29     localhost          UHS        0      0  lo0
> 192.168.120.1/32   192.168.1.1        UGSc       1      0  en1
>
> MacBook-Pro:~ user$ sudo scutil --dns
> DNS configuration
>
> resolver #1
> domain : celoso.net
> search domain[0] : celoso.net
> nameserver[0] : 208.67.222.222
> nameserver[1] : 208.67.220.220
> nameserver[2] : 4.2.2.3
> order : 200000
>
> resolver #2
> domain : celoso.net
> nameserver[0] : 192.168.110.3
> nameserver[1] : 192.168.110.3
> order : 100400
>
> 3. Then something will trigger configd to update the DNS or routing  
> tables, the only evidence of which I have been able to find is the  
> following message in the system.log
>
> Feb 7 11:20:34 MacBook-Pro configd[13]: network configuration changed.
>
> 4. And either the DNS or routing tables will be changed, e.g.
>
> MacBook-Pro:~ user$ sudo /usr/sbin/scutil --dns
> Password:
> DNS configuration
>
> resolver #1
> domain : celoso.net
> search domain[0] : celoso.net
> nameserver[0] : 208.67.222.222
> nameserver[1] : 208.67.220.220
> nameserver[2] : 4.2.2.3
> order : 200000
>
> resolver #2
> domain : local
> options : mdns
> timeout : 2
> order : 300000
>
> MacBook-Pro:~ user$ netstat -r
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs    Use  Netif Expire
> default            192.168.1.1        UGSc       0      0  en1
> default            192.168.110.1      UGScI     52     81  tap0
> 127                localhost          UCS        0      0  lo0
> localhost          localhost          UH         0      0  lo0
> 169.254            link#5             UCS        0      0  en1
> 192.168.1          link#5             UC         1      0  en1
> 192.168.1.1        0:1e:e5:86:79:22   UHLWI      1     17  en1   1196
> 192.168.1.101      localhost          UHS        0      0  lo0
> 192.168.110        link#7             UCS        2      0  tap0
> 192.168.110.1      0:17:3f:9b:e3:e2   UHLWI     54      5  tap0  1199
> 192.168.110.3      0:1c:c0:f:90:3b    UHLWI      0     34  tap0  1161
> 192.168.110.29     localhost          UHS        0      0  lo0
> 192.168.120.1/32   192.168.1.1        UGSc       1      0  en1
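The failure mode Michael describes (the route and DNS look right, then silently revert after configd logs "network configuration changed") is easy to miss until name resolution or traffic breaks. The script below is an added example, not code from the post, from OpenVPN or from MacPorts: a small POSIX shell check that inspects `netstat -r` and `scutil --dns` output and reports when the default route no longer leaves via the VPN interface or the VPN nameserver has dropped out of the resolver list. The interface name (`tap0`) and nameserver (`192.168.110.3`) are passed in as parameters and are taken from the post; the embedded sample outputs are abridged copies of the "looks good" and "after configd" snapshots above.

```shell
#!/bin/sh
# Added example: detect when configd has reverted the OpenVPN default route
# or dropped the VPN resolver. Sample outputs are abridged copies of the
# snapshots in the post above; on a live Mac, feed the functions the output
# of `netstat -rn` and `scutil --dns` instead.

# Succeed when the first "default" entry in netstat -r output leaves via $2.
# Column 6 of a netstat -r "Internet:" line is Netif.
default_route_via() {
    _iface=$(printf '%s\n' "$1" | awk '$1 == "default" { print $6; exit }')
    [ "$_iface" = "$2" ]
}

# Succeed when any resolver block in scutil --dns output lists nameserver $2.
# Lines look like "  nameserver[0] : 192.168.110.3"; compare the third field
# as a plain string so dots in the address are not treated as regex.
resolver_has_nameserver() {
    printf '%s\n' "$1" | awk -v ns="$2" \
        'index($1, "nameserver[") == 1 && $3 == ns { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Print one line per problem found; print nothing when the VPN state is intact.
# Arguments: netstat output, scutil --dns output, VPN interface, VPN nameserver.
vpn_drift_report() {
    _routes=$1; _dns=$2; _vpn_if=$3; _vpn_ns=$4
    default_route_via "$_routes" "$_vpn_if" ||
        echo "default route no longer via $_vpn_if"
    resolver_has_nameserver "$_dns" "$_vpn_ns" ||
        echo "VPN nameserver $_vpn_ns missing from resolver list"
    return 0
}

# --- constructed sample input: abridged from the post's snapshots ---------
ROUTES_OK='Destination        Gateway            Flags   Refs    Use  Netif Expire
default            192.168.110.1      UGSc       0      0  tap0
default            192.168.110.1      UGScI     41     88  tap0
192.168.110        link#7             UCS        2      0  tap0
192.168.120.1/32   192.168.1.1        UGSc       1      0  en1'

DNS_OK='resolver #1
  domain   : celoso.net
  nameserver[0] : 208.67.222.222
  order    : 200000

resolver #2
  domain   : celoso.net
  nameserver[0] : 192.168.110.3
  order    : 100400'

# ... after configd logged "network configuration changed".
ROUTES_REVERTED='Destination        Gateway            Flags   Refs    Use  Netif Expire
default            192.168.1.1        UGSc       0      0  en1
default            192.168.110.1      UGScI     52     81  tap0
192.168.110        link#7             UCS        2      0  tap0'

DNS_REVERTED='resolver #1
  domain   : celoso.net
  nameserver[0] : 208.67.222.222
  order    : 200000

resolver #2
  domain   : local
  options  : mdns
  order    : 300000'

echo "== intact snapshot (expect no output) =="
vpn_drift_report "$ROUTES_OK" "$DNS_OK" tap0 192.168.110.3
echo "== after configd rewrote the configuration =="
vpn_drift_report "$ROUTES_REVERTED" "$DNS_REVERTED" tap0 192.168.110.3
```

Run it periodically (or from the `up` script, after a delay) against live `netstat -rn` and `scutil --dns` output and it gives a clear signal of exactly when configd clobbered the tunnel, which is what the post was missing. Note that the post's `scutil` fragment writes to the `State:` tree, which is configd's dynamic runtime store and is regenerated from its own agents; Brad's pointer to `networksetup` (for example `networksetup -setdnsservers <service> <dns1> ...` and `networksetup -setsearchdomains <service> ...`) is the persistence side, since it edits the network preferences that configd consults rather than the runtime state it overwrites.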
