Mac Network Gurus, VPN question

Discussion in 'OT Technology' started by kamikaze, Jul 24, 2007.

  1. kamikaze

    kamikaze Active Member

    Joined:
    Jan 30, 2005
    Messages:
    33,629
    Likes Received:
    0
    Location:
    Barrie Ontario
    So I have a PPTP VPN setup to my XP box at home (I know it's not as secure as L2TP with IPSec, but I can't afford a VPN endpoint router as of yet), and every time I connect to the VPN either to transfer a file, or to VNC into my office or PVR machine, it seems as tho all my internet traffic is being routed through the vpn tunnel....my web browsing, email, adium, everything...when all I really want to go thru the VPN is traffic that's destined to my home network.
     
  2. kamikaze

    Alright, I think I know what is causing the issue, I just don't know how to fix it. Apparently in the Windows VPN client there is an option to not use the default gateway on the VPN, however the OS X client doesn't have that option so by the looks of things, it's using the default gateway on the VPN instead of the local network. Is there any sort of static routing that I can do to say that anything that's 10.x.x.x goes to the VPN and everything else goes thru the local gateway?

    EDIT: Just tested this theory on a Windows box, and it's exactly what the problem is.
     
    Last edited: Jul 26, 2007
  3. GearHead

    GearHead Active Member

    Joined:
    Jun 14, 2004
    Messages:
    16,963
    Likes Received:
    5
    Location:
    Murrika
    Well I am glad to see the MacShack was helpful.
     
  4. IcyHot4Life

    IcyHot4Life Str8 Ballin'

    Joined:
    Aug 2, 2002
    Messages:
    18,151
    Likes Received:
    0
    Location:
    Inquire Within
    it sounds like you hit on the issue exactly. Fixing the problem should be as simple as adding a line or two to your routing table, but without more specifics it's hard to say what exactly you should add. :dunno: wanna post a routing table once you are VPN'd?

    edit: I thought about it a bit more, and for the most part, the only thing you should have to do is add a route that says, for all traffic to the local subnet at your home computer, use the IP address of the VPN gateway; for all other traffic just use the locally discovered gateway of your current network.

    in linux it would be something like this:

    # /sbin/route del default
    # /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw <ip address of VPN gateway> eth0
    # /sbin/route add default gw <ip address of local gateway> eth0

    ***192.168.1.0 is just an example for whatever your subnet is at home.

    I don't generally fuck with BSD routing tables so you'll probably have to google to translate it for OS X, but that should be the gist of it.
     
    Last edited: Jul 27, 2007
  5. IcyHot4Life

    fuck off?
     
  6. IcyHot4Life

    by the way, this is an interesting article on configuring VPN on the server side of things, provided you run Mac OS X Server. The interesting part is that the article implies that the OS X VPN client can be told what domains to consider secured, so that you don't have to set routing tables yourself. Maybe you can trick XP into telling OS X's client to do this? I dunno. Anyway, here's the article:

    http://www.maclive.net/sid/132
     
  7. kamikaze

    Hey, thanks for the reply.

    First, I've gone over every checkbox in the connection properties on my XP machine, and there's no routing done on the server. I assume that it's a limitation of the basic PPTP server that's built into XP, so I'm stuck looking for a solution on the client side.

    My home network is 10.1.35.0, and my work network is 192.168.1.0, but it's my laptop that I'm not sure how to do because not everyone has a Linksys or D-Link router. For my work machine I'm assuming that the following would work fine based on your example:

    Code:
    # /sbin/route del default
    # /sbin/route add -net 10.1.35.0 netmask 255.255.255.0 gw 10.1.35.1 eth0
    # /sbin/route add default gw 192.168.1.1 eth0
    But since the local gateway won't always be 192.168.1.1 on my laptop, I need some way for it to just use whatever the DHCP tells it to use.

    I appreciate your help :)
     
  8. kamikaze

    Ok, I found the following article, but I can't seem to find the /etc/ppp/peers/ folder. It doesn't seem to exist.

    http://micheljansen.org/blog/entry/93

    EDIT:

    I read the whole page twice before I saw this in the comments at the bottom:

    Unchecked that box and all is good :)

    Thanks for the help!
     
    Last edited: Jul 27, 2007
  9. IcyHot4Life

    fuckin awesome, I didn't know that checkbox existed :coold: I'm sure that if you got the routing table on your OS X machine before and after applying that checkbox, you'd see that it did something roughly equivalent to what I was talking about. I think :o

    Anyway good work, and thanks for sharing that once you found out how to do it! :h5:
     
    Last edited: Jul 28, 2007
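
The before/after routing-table comparison suggested in the last post, as an added example that is not part of the original thread: a check that reads BSD/OS X `netstat -rn -f inet` output and reports whether the VPN is carrying all traffic or only the home subnet. The interface names `ppp0` and `en0`, the function names and both sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a BSD/OS X "netstat -rn -f inet" table as a full or
# split tunnel. Interface names and sample tables are constructed assumptions.

# Print the interface of the first default route read from stdin.
default_netif() {
    awk '$1 == "default" {
        for (i = 4; i <= NF; i++)      # skip Destination, Gateway, Flags
            if ($i ~ /^[a-z]+[0-9]+$/) { print $i; exit }
    }'
}

# Print "full" if the default route leaves via a ppp interface, "split" if
# only specific destinations use ppp, "none" if no route uses ppp at all.
tunnel_mode() {
    table=$(cat)
    case "$(printf '%s\n' "$table" | default_netif)" in
        ppp*) echo full; return ;;
    esac
    if printf '%s\n' "$table" | awk '
        { for (i = 4; i <= NF; i++) if ($i ~ /^ppp[0-9]+$/) found = 1 }
        END { exit !found }'; then
        echo split
    else
        echo none
    fi
}

# Constructed table: VPN up, all traffic sent over the tunnel.
FULL_TABLE='Destination        Gateway            Flags    Refs   Use  Netif Expire
default            10.1.35.1          UGSc       12     0   ppp0
default            192.168.1.1        UGScI       3     0    en0
10.1.35/24         ppp0               USc         0     0   ppp0
192.168.1          link#4             UCS         2     0    en0'

# Constructed table: VPN up, only the home subnet routed over the tunnel.
SPLIT_TABLE='Destination        Gateway            Flags    Refs   Use  Netif Expire
default            192.168.1.1        UGSc       15     0    en0
10.1.35/24         ppp0               USc         1     0   ppp0
192.168.1          link#4             UCS         2     0    en0'

printf '%s\n' "$FULL_TABLE"  | tunnel_mode
printf '%s\n' "$SPLIT_TABLE" | tunnel_mode
```

On a live machine the same check is `netstat -rn -f inet | tunnel_mode`. In split mode, anything not destined for the home subnet leaves over the local network without the tunnel's protection.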
