Adding routes when using pppd

Question

Level 1

0 points

Adding routes when using pppd

I am using the F5 Firepass client in Snow Leopard. Firepass uses SL's built-in pppd to create a VPN connection to a remote network.

The remote network is, in turn, connected to another network that I want to be able to access through the VPN. But if I try to add a route:

sudo route add -net <far away network> <ppp gateway>

The route shows up for just a moment (using `netstat -rn`) but then disappears quickly. I assume that pppd or some other program running is overwriting my routing rules just moments after I create them.

I tried doing the same thing in a /etc/ppp/ip-up script, but the same thing happens: the route gets deleted less than a second after it is created.

Am I doing something wrong? This is really frustrating.

MBP 15", Mac OS X (10.6.4)

Posted on Sep 29, 2010 12:13 AM

Reply

Answer 1

Sep 30, 2010 4:54 AM in response to mehaase

did you try using the defaultroute option for [pppd(8)|http://developer.apple.com/library/mac/#documentation/Darwin/Reference /ManPages/man8/pppd.8.htmlpppd(8)]


 defaultroute
 Add a default route to the system routing tables, using the peer as the gateway, when IPCP negotiation
 is successfully completed. This entry is removed when the PPP connection is broken. This option is
 privileged if the nodefaultroute option has been specified.

Reply

Answer 2

mehaase Author

Level 1

0 points

Sep 30, 2010 11:38 AM in response to Nils C. Anderson

Not possible. I'm using the Firepass VPN software which creates its own options file in the "/etc/ppp/peers" directory and uses "nodefaultroute".

Thanks for the suggestion, though.

Reply

Answer 3

Sep 30, 2010 11:40 AM in response to mehaase

Are you not able to edit the /etc/ppp/peers file?

Reply

Answer 4

BobHarris

Level 9

56,939 points

Sep 30, 2010 1:26 PM in response to mehaase

First can you execute the 'route' command to add additional routes? Not all VPN implementations will allow that. Some will break the VPN connection if anything about the network changes.

One trick I used years ago when using an early Mac OS X PPTP VPN connection, was to replace the /usr/sbin/pppd command with a tiny perl script that modified the pppd options removing the 'nodefaultroute' from the command line options. Then allowing the perl script to invoke real pppd, which had been saved off under a different name.

In addition to that command line argument trick, it also made any additional changes to various /etc/ppp files, and even issues its own 'route' commands.

It was all a bit of custom hacking, especially the specific route list, as we had lots of internal subnets that needed specific routing.

But it worked.

Reply