MAC OSX 10.6 configd overwrites DNS and routing from OpenVPN

Bradley Giesbrecht brad at pixilla.com
Sun Feb 7 11:56:35 PST 2010


I'm reading this now and it might be worth looking at, although it's old.

http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html

// Brad

On Feb 7, 2010, at 10:53 AM, Michael Hieb wrote:

> Yes. I may have missed a trick, so tell me if you think I got it  
> wrong.
>
> 1. Can be used to change DNS setting permanently for interfaces  
> which exist in the configd configuration, e.g. Ethernet/Airport
> 2. Cannot be used to put default routing in the configd configuration.
>
> What you need (and I haven't been able to figure out how to do this)  
> is a way to use networksetup to tell configd about the tap interface  
> and what DNS and routing are associated with the tap interface. Sort  
> of like what you can do in the dynamic configuration with ifconfig  
> and scutil which works until configd comes along and clobbers your  
> settings.
>
> So networksetup will do things like
>
> networksetup --setdnsserver [ETHERNET|AIRPORT] x.x.x.x
>
> When what you want is something like
>
> networksetup --setdnsserver [TAP] x.x.x.x
> networksetup -setdefaultroute [TAP] g.g.g.g
>
> If you see what I mean...
>
> On 07/02/2010 18:25, Bradley Giesbrecht wrote:
>>
>> Have you looked into networksetup?
>>
>> man networksetup
>>
>>
>> // Brad
>>
>> On Feb 7, 2010, at 5:51 AM, Michael Hieb wrote:
>>
>>> Apologies if this is covered elsewhere. I've looked and found no  
>>> definitive answers.
>>>
>>> Problem:
>>>
>>> Using standard install macports openvpn2: OpenVPN creates a tunnel  
>>> on a virtual network interface tap0 which is configured via DHCP.  
>>> Once up a script is called to update the routing tables and set  
>>> DNS. On linux and windows this works and is very stable because  
>>> static routing configurations are employed. On Mac OS X v10.6  
>>> routing configurations are dynamic and managed by configd. Once  
>>> the virtual interface comes up the routing tables and DNS can be  
>>> changed, but after a short while, configd will come along and  
>>> change the routing and DNS configurations and break the VPN.
>>>
>>> This is covered in some detail in this article.
>>> http://www.afp548.com/article.php?story=20041015131913324
>>>
>>> Question: How to write the DNS and routing entries into  
>>> preferences at the time OpenVPN comes up so that they will persist  
>>> when configd updates the system?
>>>
>>> Details:
>>>
>>> 1. Commands used by OpenVPN script to update the routing table and  
>>> DNS
>>>
>>> /usr/sbin/ipconfig set "$dev" DHCP
>>>
>>> /usr/sbin/scutil <<EOF
>>> d.init
>>> get State:/Network/Service/DHCP-$dev/DNS
>>> d.add SupplementalMatchDomains * $domain_name
>>> set State:/Network/Service/DHCP-$dev/DNS
>>> EOF
>>>
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36  
>>> 2010 /sbin/route add -net 192.168.120.1 192.168.1.1 255.255.255.255
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 192.168.120.1:  
>>> gateway 192.168.1.1
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36  
>>> 2010 /sbin/route delete -net 0.0.0.0 192.168.1.1 0.0.0.0
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: delete net 0.0.0.0:  
>>> gateway 192.168.1.1
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36  
>>> 2010 /sbin/route add -net 0.0.0.0 192.168.110.1 0.0.0.0
>>> Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 0.0.0.0:  
>>> gateway 192.168.110.1
>>>
>>> 2. Everything looks good for a few minutes
>>>
>>> MacBook-Pro:~ user$ netstat -r
>>> Routing tables
>>>
>>> Internet:
>>> Destination Gateway Flags Refs Use Netif Expire
>>> default 192.168.110.1 UGSc 0 0 tap0
>>> default 192.168.110.1 UGScI 41 88 tap0
>>> 127 localhost UCS 0 0 lo0
>>> localhost localhost UH 0 0 lo0
>>> 169.254 link#5 UCS 0 0 en1
>>> 192.168.1 link#5 UC 1 0 en1
>>> 192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1187
>>> 192.168.1.101 localhost UHS 0 0 lo0
>>> 192.168.110 link#7 UCS 2 0 tap0
>>> 192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 43 8 tap0 1182
>>> 192.168.110.3 0:1c:c0:f:90:3b UHLWI 12 137213 tap0 454
>>> 192.168.110.29 localhost UHS 0 0 lo0
>>> 192.168.120.1/32 192.168.1.1 UGSc 1 0 en1
>>>
>>> MacBook-Pro:~ user$ sudo scutil --dns
>>> DNS configuration
>>>
>>> resolver #1
>>> domain : celoso.net
>>> search domain[0] : celoso.net
>>> nameserver[0] : 208.67.222.222
>>> nameserver[1] : 208.67.220.220
>>> nameserver[2] : 4.2.2.3
>>> order : 200000
>>>
>>> resolver #2
>>> domain : celoso.net
>>> nameserver[0] : 192.168.110.3
>>> nameserver[1] : 192.168.110.3
>>> order : 100400
>>>
>>> 3. Then something will trigger configd to update the DNS or  
>>> routing tables, the only evidence of which I have been able to  
>>> find is the following message in the system.log
>>>
>>> Feb 7 11:20:34 MacBook-Pro configd[13]: network configuration  
>>> changed.
>>>
>>> 4. And either the DNS or routing tables will be changed e.g.
>>>
>>> MacBook-Pro:~ user$ sudo /usr/sbin/scutil --dns
>>> Password:
>>> DNS configuration
>>>
>>> resolver #1
>>> domain : celoso.net
>>> search domain[0] : celoso.net
>>> nameserver[0] : 208.67.222.222
>>> nameserver[1] : 208.67.220.220
>>> nameserver[2] : 4.2.2.3
>>> order : 200000
>>>
>>> resolver #2
>>> domain : local
>>> options : mdns
>>> timeout : 2
>>> order : 300000
>>>
>>> MacBook-Pro:~ user$ netstat -r
>>> Routing tables
>>>
>>> Internet:
>>> Destination Gateway Flags Refs Use Netif Expire
>>> default 192.168.1.1 UGSc 0 0 en1
>>> default 192.168.110.1 UGScI 52 81 tap0
>>> 127 localhost UCS 0 0 lo0
>>> localhost localhost UH 0 0 lo0
>>> 169.254 link#5 UCS 0 0 en1
>>> 192.168.1 link#5 UC 1 0 en1
>>> 192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1196
>>> 192.168.1.101 localhost UHS 0 0 lo0
>>> 192.168.110 link#7 UCS 2 0 tap0
>>> 192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 54 5 tap0 1199
>>> 192.168.110.3 0:1c:c0:f:90:3b UHLWI 0 34 tap0 1161
>>> 192.168.110.29 localhost UHS 0 0 lo0
>>> 192.168.120.1/32 192.168.1.1 UGSc 1 0 en1
>>> _______________________________________________
>>> macports-users mailing list
>>> macports-users at lists.macosforge.org
>>> http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
>>
>

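The failure mode in the quoted output (the first default route moving from tap0 back to en1, and the 192.168.110.3 resolver disappearing from scutil --dns) is exactly the state a VPN user wants to detect, because once it happens traffic and DNS queries silently leave the tunnel. The script below is an added example, not code from this thread or from OpenVPN/MacPorts: it parses constructed samples of netstat -rn and scutil --dns output modelled on the tables above and reports whether the tunnel state is still intact. The tunnel interface name tap0 and the resolver address 192.168.110.3 are assumptions lifted from the thread, overridable via VPN_IF and VPN_DNS.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks whether configd has reverted
# the state the OpenVPN up script set: the default route moving off the tunnel
# interface and the VPN resolver vanishing from `scutil --dns`. The interface
# name and resolver address are assumptions taken from the thread's output.
VPN_IF="${VPN_IF:-tap0}"
VPN_DNS="${VPN_DNS:-192.168.110.3}"

# Constructed sample of `netstat -rn` while the tunnel is intact: the first
# "default" entry (the one the kernel actually uses) points at tap0.
ROUTES_OK='Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.110.1      UGSc            0        0    tap0
default            192.168.110.1      UGScI          41       88    tap0
192.168.1          link#5             UC              1        0     en1
192.168.110        link#7             UCS             2        0    tap0
192.168.120.1/32   192.168.1.1        UGSc            1        0     en1'

# Constructed sample after configd logged "network configuration changed":
# the first default route is back on en1, so non-VPN traffic bypasses tap0
# even though the UGScI entry for the tunnel gateway is still listed.
ROUTES_BROKEN='Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc            0        0     en1
default            192.168.110.1      UGScI          52       81    tap0
192.168.1          link#5             UC              1        0     en1
192.168.110        link#7             UCS             2        0    tap0'

# Constructed samples of `scutil --dns` before and after the clobber.
DNS_OK='DNS configuration

resolver #1
  domain   : celoso.net
  nameserver[0] : 208.67.222.222
  order    : 200000

resolver #2
  domain   : celoso.net
  nameserver[0] : 192.168.110.3
  order    : 100400'

DNS_BROKEN='DNS configuration

resolver #1
  domain   : celoso.net
  nameserver[0] : 208.67.222.222
  order    : 200000

resolver #2
  domain   : local
  options  : mdns
  order    : 300000'

# Interface of the first "default" entry in netstat -rn output. Column 6 is
# Netif whether or not the optional trailing Expire column is present.
default_route_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $6; exit }'
}

# Succeeds when any resolver block in scutil --dns output lists the address.
vpn_resolver_present() {
    printf '%s\n' "$1" | awk -v dns="$2" \
        '$1 ~ /^nameserver\[/ && $NF == dns { found = 1 }
         END { exit found ? 0 : 1 }'
}

# 0 = tunnel state intact, 1 = default route left the tunnel, 2 = VPN resolver gone.
vpn_health() {
    routes="$1"; dns="$2"
    [ "$(default_route_iface "$routes")" = "$VPN_IF" ] || return 1
    vpn_resolver_present "$dns" "$VPN_DNS" || return 2
    return 0
}

# Live mode for the Mac itself: `sh vpncheck.sh --live`. netstat -rn is used so
# gateways print numerically instead of being resolved through the DNS under test.
if [ "$1" = "--live" ]; then
    rc=0; vpn_health "$(netstat -rn)" "$(scutil --dns)" || rc=$?
    case $rc in
        0) echo "ok: default route on $VPN_IF and $VPN_DNS still configured" ;;
        1) echo "route leak: default route is on $(default_route_iface "$(netstat -rn)"), not $VPN_IF" ;;
        2) echo "dns leak: $VPN_DNS is no longer in scutil --dns" ;;
    esac
fi
```

Only the first default entry is consulted on purpose: in the thread's second routing table the tap0 gateway still appears as a second default line with the I flag, which is why a glance at netstat can look fine while traffic already goes out en1. Running the check from cron or a watch loop after the up script completes gives the "evidence" the poster was missing, with a timestamp that can be matched against the configd "network configuration changed" line in system.log.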