How to route internet traffic over VPN

I have a VPN server at home set up under OS X Server, both PPTP and L2TP. They all work fine. I am trying to figure out how to route traffic over the VPN for internet browsing. In the VPN server setup I have my internal DNS listed and it has a forwarder set up in the DNS configuration. In search domains I have mydomain.com. In the Network Routing Definition I have my network setup 172.16.1.0, subnet 255.255.255.0, private. I also have 0.0.0.0, 0.0.0.0, public. When a client connects, all they get is "the page cannot be displayed". I can browse sites in mydomain.com or in my DNS. I tried an external DNS in the DNS settings and adding a * in the search domains with no luck. The clients are set to send all traffic over the VPN. I know about the reasons not to do this but I am testing something right now. Any ideas?

MacBook Pro, Mac Mini, Mac Pro, iPhone, Mac OS X (10.5.2)

Posted on Apr 1, 2008 8:17 PM


Apr 1, 2008 10:15 PM in response to Barry Keel

"Network Routing Definition I have my network setup 172.16.1.0, subnet 255.255.255.0, private. I also have 0.0.0.0, 0.0.0.0, public."

For a default route through the VPN either leave the routing definitions empty or use: 0.0.0.0, 0.0.0.0, private.

Then you need ipforwarding ON in the server. ipforwarding is ON if the firewall is running, but otherwise you need to turn it on yourself. In Tiger Server you could use NAT config in SA to turn just ipforwarding (NO NAT) on. It might still be there (haven't looked).

It's also possible to turn it directly on by doing: sudo sysctl -w net.inet.ip.forwarding=1

For this to survive a reboot either put net.inet.ip.forwarding=1 in a readable file /etc/sysctl.conf
or edit /etc/hostconfig to have this line: ipforwarding=-YES- (What SA NAT "just ipforwarding" does).

And it is really "subnet mask".

Apr 3, 2008 6:38 AM in response to Leif Carlsson

No, I cannot ping anything on my network where the VPN server is located. When I ping I get my public IP. I cannot even ping the server by IP. I cannot browse to any websites EXCEPT the ones on the network with the VPN server. Weird?
BTW, the 172.16.1.206 is the IP of my machine on the VPN. Do you think it may be the Windows client configuration?

This is what I get in the command prompt:

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.58.1 10.0.58.240 21
0.0.0.0 0.0.0.0 172.16.1.206 172.16.1.206 1
10.0.58.0 255.255.255.0 10.0.58.240 10.0.58.240 20
10.0.58.240 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.58.240 10.0.58.240 20
70.63.232.238 255.255.255.255 10.0.58.1 10.0.58.240 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.58.240 10.0.58.240 30
172.16.1.206 255.255.255.255 127.0.0.1 127.0.0.1 50
172.16.255.255 255.255.255.255 172.16.1.206 172.16.1.206 50
224.0.0.0 240.0.0.0 10.0.58.240 10.0.58.240 20
224.0.0.0 240.0.0.0 172.16.1.206 172.16.1.206 1
255.255.255.255 255.255.255.255 10.0.58.240 10.0.58.240 1
255.255.255.255 255.255.255.255 172.16.1.206 172.16.1.206 1
Default Gateway: 172.16.1.206
===========================================================================
Persistent Routes:
None
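
As an added example (not part of any post in this thread), the route table above can be evaluated the way the client's IP stack does, longest prefix first and then lowest metric, to confirm which interface a given destination leaves through when "send all traffic over the VPN" is set. The rows are copied from the post; the function names and the sample destination 203.0.113.10 (a documentation address) are assumptions made for illustration.

```python
import ipaddress

# Rows copied from the route table in the post above:
# destination, netmask, gateway, interface, metric.
ROUTES_TEXT = """\
0.0.0.0 0.0.0.0 10.0.58.1 10.0.58.240 21
0.0.0.0 0.0.0.0 172.16.1.206 172.16.1.206 1
10.0.58.0 255.255.255.0 10.0.58.240 10.0.58.240 20
10.0.58.240 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.58.240 10.0.58.240 20
70.63.232.238 255.255.255.255 10.0.58.1 10.0.58.240 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.58.240 10.0.58.240 30
172.16.1.206 255.255.255.255 127.0.0.1 127.0.0.1 50
172.16.255.255 255.255.255.255 172.16.1.206 172.16.1.206 50
224.0.0.0 240.0.0.0 10.0.58.240 10.0.58.240 20
224.0.0.0 240.0.0.0 172.16.1.206 172.16.1.206 1
"""

def parse_routes(text):
    """Turn route rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def select_route(routes, destination):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def egress_interface(destination, text=ROUTES_TEXT):
    """Return the local interface address a packet to `destination` leaves by."""
    route = select_route(parse_routes(text), destination)
    return route[2] if route else None

if __name__ == "__main__":
    for dest in ("203.0.113.10", "70.63.232.238", "10.0.58.7", "172.16.1.10"):
        print(dest, "->", egress_interface(dest))
```

With this table, general internet destinations follow the metric 1 default route on the 172.16.1.206 interface, while the host route for 70.63.232.238 and the local 10.0.58.0 subnet still use the 10.0.58.240 interface.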
