After a company is sold to different parties, you might end up with a situation where the old 10.0.0.0/8 network is split in two or more different networks, like 10.0.0.0/24 and 10.0.1.0/24.
Now I wish to access both networks at the same time using Mavericks' built-in VPN client. One VPN network is on L2TP, the other on PPTP.
However only the devices in the first established VPN connection can be reached, and not the computers on the second network. The only exception is the remote IP (gateway) of VPN connection #2.
How can I fix this set and forget?
Note: With set and forget I mean I don't want to have extra steps when "dialing" an already existing VPN connection profile.
Best Answer
Routing issue
The issue here is that both VPN connection profiles are in a 10 network, which officially comes with a /8 (a.k.a. 255.0.0.0, a.k.a. 0xff000000) netmask. So when establishing both VPN connections at once, you end up with only one destination in the routing table for the 10-network. And that routing entry will route all 10.x.x.x traffic to the first established ppp connection, except for the local and remote IP addresses in the second ppp connection.

Routing solution
The fix is to manually extend the routing table with the desired entries. There is no need to remove the 10 entry, only add new route entries. As long as the newly added route entries address a smaller subnet the entry will have preference. Read this as: when the subnet has a higher /X number. For example /24 is higher than /8, so a 10/24 entry will have preference over a 10/8 routing entry. Basically add a new routing entry after having established the second VPN connection, like:

$ sudo /sbin/route -n add -net 10.0.2.0/24 -interface ppp1
Automation solution
It is cumbersome and can introduce mistakes when having to enter the route manually after having established the secondary VPN connection. Luckily there is a solution built into the ppp daemon using ip-up, as you can read in $ man pppd. Every time a ppp (VPN) connection is established that uses IPv4 addressing, a script (/etc/ppp/ip-up) is called where you can execute your custom rules/commands a.k.a. hooks. The script below is extensively commented and should be self-explanatory.
Your Mac might not have this script ($ ls /etc/ppp). In that case create it ($ sudo touch /etc/ppp/ip-up) with executable permissions ($ sudo chmod +x /etc/ppp/ip-up).

With thanks for the idea from jalbrecht2000 at http://hints.macworld.com/article.php?story=20030906232648318
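An added example of such an /etc/ppp/ip-up hook, not the answer's own script. pppd calls ip-up with the interface name, tty device, speed, local IP, remote IP and ipparam as positional arguments; this example keys the extra route on the remote (gateway) IP rather than on the interface name, since whether a VPN lands on ppp0 or ppp1 depends on which profile was dialed first. The gateway addresses 10.0.0.1 and 10.0.1.1 and the /24 subnets are constructed sample values; replace them with your own.

```shell
#!/bin/sh
# Example /etc/ppp/ip-up hook (added illustration, not the answer's script).
# pppd invokes it as:
#   ip-up <interface> <tty-device> <speed> <local-IP> <remote-IP> <ipparam>
# The extra route is chosen by the remote (gateway) IP of the VPN, not by the
# ppp interface name, because ppp0/ppp1 depend on dialing order.
# Gateway addresses and subnets below are constructed sample values.

ROUTE=/sbin/route

# Print the route command that belongs to the given interface/gateway pair.
# Returns 1 (and prints nothing) for a gateway this hook does not know about.
route_for_gateway() {
    iface=$1
    gw=$2
    case "$gw" in
        10.0.0.1) echo "$ROUTE -n add -net 10.0.0.0/24 -interface $iface" ;;
        10.0.1.1) echo "$ROUTE -n add -net 10.0.1.0/24 -interface $iface" ;;
        *) return 1 ;;
    esac
}

main() {
    iface=$1
    gw=$5
    cmd=$(route_for_gateway "$iface" "$gw") || {
        logger -t ip-up "no extra route configured for gateway $gw on $iface"
        exit 0
    }
    logger -t ip-up "adding route: $cmd"
    # ip-up already runs as root, so no sudo is needed here.
    $cmd
}

# Only act when pppd calls us with arguments; sourcing the file for a test
# leaves the functions defined without touching the routing table.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

After dialing both profiles, netstat -rn should show the /24 entries pointing at their own ppp interface next to the broader 10/8 entry. A matching ip-down hook is normally unnecessary: routes bound to a ppp interface go away when that interface is torn down.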