Tag Archives: vpn

Adding a custom route to a VPN in Mac OS X

My colleagues and I at work were facing a problem. We’re using a VPN to access our internal servers, and for some reason Mac OS X always uses a 24-bit netmask with the VPN connection (when we need a 16-bit one). Of course there’s a solution for this.

  1. Open your favourite text editor. Type in the following text (we happen to use the 172.16.0.0/16 network; please adjust it to your own):

    #!/bin/sh
    /sbin/route add -net 172.16 -interface ppp0

  2. Save this file as ip-up, without .txt at the end.
  3. Open Terminal and move the file to /etc/ppp with sudo: “sudo mv /Users/username/ip-up /etc/ppp”, assuming you saved it in your home folder.
  4. The last step is to add execute permissions to the file: “sudo chmod 755 /etc/ppp/ip-up”

The route should now be added every time you connect to the VPN.

How to set up a PPTP server in Linux

I really don’t like having a lot of ports forwarded into my private network. To still be able to reach the computers behind my NAT router I’m using a PPTP server.

My example will be based on Ubuntu Linux.

Start with installing pptp.

apt-get install pptpd

Edit /etc/pptpd.conf and have a look at the bottom of the file. You should see two lines saying “localip” and “remoteip”. Configure those according to your network; mine says:

localip 172.16.0.250
remoteip 172.16.0.251-254

Now it’s time to add our internal DNS servers (or the ISP’s DNS servers if you don’t have your own). This is done by editing /etc/ppp/options and changing the lines saying ms-dns.

ms-dns 172.16.0.6
# ms-dns 192.168.1.2

I only have one internal DNS, so the other one is commented out.

We need a user and a password to be able to log in. This is configured in /etc/ppp/chap-secrets like this:

username     pptpd      secret_password       *

First the username, then pptpd, your password and finally * to be able to connect from any host.

The last step is to enable IP forwarding in the kernel. Edit /etc/sysctl.conf and remove the comment for net.ipv4.ip_forward=1. Reboot your computer or run “sysctl net.ipv4.ip_forward=1” at the command prompt.

Last, make sure the right TCP port (1723) is forwarded to your Linux server in the firewall.
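
Since /etc/ppp/chap-secrets stores the passwords in plain text, here is an added example (not part of the original post) that audits such a file for loose permissions, a * in the address column, and the tutorial's placeholder password. The function name, the finding labels and the 12-character minimum are assumptions made for this sketch, and it assumes secrets contain no spaces.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file.
# Columns: client  server  secret  IP-addresses

MIN_SECRET_LEN=12   # assumed threshold, adjust to your own policy

# Print one finding per line; print nothing if the file looks clean.
audit_chap_secrets() {
    file=$1

    # Characters 5-10 of the ls mode string are the group and other bits.
    # For a file of plaintext passwords they should all be "-" (mode 600).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $file is accessible to group/other, use chmod 600"
    fi

    awk -v min="$MIN_SECRET_LEN" '
        # Skip blank lines and comment lines.
        NF == 0 || $1 ~ /^#/ { next }
        NF < 3 {
            printf "MALFORMED: line %d has fewer than 3 fields\n", NR
            next
        }
        $4 == "*" {
            printf "ANYADDR: line %d (%s) has * in the address column\n", NR, $1
        }
        $3 == "secret_password" {
            printf "PLACEHOLDER: line %d (%s) still uses the tutorial password\n", NR, $1
        }
        length($3) < min {
            printf "SHORT: line %d (%s) secret is under %d characters\n", NR, $1, min
        }
    ' "$file"
}

# Stand-alone use: sh audit.sh /etc/ppp/chap-secrets
if [ $# -gt 0 ]; then
    audit_chap_secrets "$1"
fi
```

Run it as root, since a correctly protected chap-secrets file is not readable by other users.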