#!/usr/bin/perl # # fix_vpn_routing.pl # To be run as root. # # Fixes OS X's VPN routing of all packets over the VPN # to only route destination network packets over the VPN # # Parts based on getLocation.pl written by Christopher Copeland # # Last updated on 01/10/2003 by JCH use strict;
my $vpn_server="192.168.14.1"; # VPN Server my $real_gateway="79.110.143.250"; # Real Default Gateway # The networks you want to route over the VPN my @vpn_nets = ('192.168.0.0/16', '192.168.0.0/16');
# Get our current location from the system my $vpn_ip = &get_location_from_scutil() || "";
if ($vpn_ip eq $vpn_server) { foreach my $vpn_net (@vpn_nets) { system ("route add -net $vpn_net $vpn_server"); } system("route delete default $vpn_server"); system("route add default $real_gateway"); }
exit;
sub get_location_from_scutil {
my @scutil = `scutil <<- end_scutil 2> /dev/null open show State:/Network/Interface/ppp0/IPv4 close end_scutil`;
my @matches = map { m/0 : (.*)/ } @scutil; if(@matches == 2) { return $matches[1]; } else { return undef; } } I then added a line at the end of /System/Library/SystemConfiguration/Kicker.bundle/Resources/set-hostname that calls this script every time you change location (which connecting to a VPN qualifies for): logger fixing VPN routing if need be /usr/local/bin/admin/fix_vpn_routing.pl Now, when you connect to the VPN, the script will automatically update the routing for you. When you disconnect, or change location to a non-VPN connection, the routing will be handled as normal by the OS. If anyone has any enhancements, I'd love to see them! If you had implemented this hint before 10.2.8 and found that it suddenly stopped working here is why... The hint says to modify the file /System/Library/SystemConfiguration/Kicker.bundle/Resources/set-hostname But it has been moved to (and probably overwritten) /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/set-hostname Modify the set-hostname file in its new location as the hint spells out and everything should start working again. That script basically worked for me in panther, except that the get_location_from_scutil was returning my vpn-assigned client IP address as opposed to the vpn server address. To fix that, I changed $matches[1] to $matches[0]. Источник: http://www.macosxhints.com/article.php?story=20030313194656474 Примечание: chmod ug+x fix_vpn_routing.pl
|