CyberSpy

Rantings from a guy with way too much free time

OS X VPN client pppd host route configuration on post-interface connection

2019-11-20 Devops Rob Baruch

VPN Client PPP daemon configuration

Recipe: Configure Default Host routes after a specific VPN connection has been established

Solution:

In order to configure the host (or network routes, although I’m solely interested in routing specific hosts between my two sites), we need to create a file with the following commands in /etc/ppp.

#!/bin/sh

# VPN_GATEWAY is the remote address of the vpn tunnel
# when ppp executes this script it will pass several values to it
# $5 will hold the remote gateway

VPN_GATEWAY=192.168.1.156
if [ "${5:-}" = "${VPN_GATEWAY}" ]
then
                /bin/echo "${5:-} routes added for interface ${5:-}" > "/tmp/pppd_ip_up_$$.log"
                /sbin/route add -host 192.168.1.92 -interface ppp0 || (/bin/echo "failed to add route 92" >> "/tmp/pppd_ip_up_$$.log")
                /sbin/route add -host 192.168.1.158 -interface ppp0|| (/bin/echo "failed to add route 158" >> "/tmp/pppd_ip_up_$$.log")
                /sbin/route add -host 192.168.1.56 -interface ppp0|| (/bin/echo "failed to add route 56" >> "/tmp/pppd_ip_up_$$.log")
                /sbin/route add -host 192.168.1.26 -interface ppp0|| (/bin/echo "failed to add route 26" >> "/tmp/pppd_ip_up_$$.log")
else
                /bin/echo "No routes added for interface ${5:-}" > "/tmp/pppd_ip_up_$$.log"
fi

This script must be owned by root and executable. We can create multiple else clauses to configure routes for our remote VPN connection based on the remote IP Address. I’ve added a log to /tmp to monitor the process.

When we drop the VPN connection, the routes are flushed from the IP table.

comments powered by Disqus