Internet Connect VPN

I’m an AppleScript newbie, but piecing together things I found on this site I wrote the following AppleScript to make a connection to my company’s VPN and then modify the kernel’s routing tables so that internet traffic doesn’t go through the VPN but goes directly to the internet. There are probably much better ways to do this, but this works for me. Hopefully someone else can use it or improve it.

tell application "Internet Connect"
	set vpnState to state of status of configuration (get name of PPTP configuration 1)
	set newConnection to false
	if vpnState is equal to 8 then
		display dialog "Disconnect VPN" buttons {"Yes", "No"} default button 2 with icon stop giving up after 15
		if button returned of the result is "Yes" then disconnect configuration (get name of PPTP configuration 1)
	else
		connect configuration (get name of PPTP configuration 1)
		delay 8
		if state of status of configuration (get name of PPTP configuration 1) is equal to 8 then
			set newConnection to true
		end if
	end if
end tell

if newConnection is equal to true then
	do shell script "ifconfig ppp0 mtu 1400" with administrator privileges
	set gateWay to "10.192.5.9"
	do shell script "route delete -net default" with administrator privileges
	do shell script "route add -net default 10.0.1.1" with administrator privileges
	do shell script ("route add -net 10.192.0.0 " & gateWay) with administrator privileges
	do shell script ("route add -net 10.1.0.0 " & gateWay) with administrator privileges
	do shell script ("route add -net 10.2.0.0 " & gateWay) with administrator privileges
	do shell script ("route add -net 10.11.0.0 " & gateWay) with administrator privileges
	do shell script "echo 'nameserver 66.73.20.40' >> /etc/resolv.conf" with administrator privileges
	do shell script "echo 'nameserver 206.141.193.55' >> /etc/resolv.conf" with administrator privileges
end if

Model: PowerMac G5 2.7GHz DP
AppleScript: 1.10
Browser: Safari 412.5
Operating System: Mac OS X (10.4)

Hello,

I am not only new to AppleScript but I am new to Mac. Could you explain what I would have to alter in that script to make it work for me?

Thanks,
Joseph Crawford

To jCrawford: Not without specifics. You’d have to set up PPTP configuration 1 in the Internet Connect application’s VPN pane, and, of course, change all the numbers to suit your situation.

To mTennes: Without being able to test this at all, you could shorten it like this: (and your version is pretty mean scripting for a noob).



tell application "Internet Connect"
	set PPTPc to get name of PPTP configuration 1
	set vpnState to state of status of configuration PPTPc
	set newConnection to false
	if vpnState is 8 then
		display dialog "Disconnect VPN" buttons {"Yes", "No"} default button 2 with icon stop giving up after 15
		if button returned of the result is "Yes" then disconnect configuration PPTPc
	else
		connect configuration PPTPc
		delay 8
		if state of status of configuration PPTPc is 8 then
			set newConnection to true
		end if
	end if
end tell

-- assuming gateWay is always 10.192.5.9

set VPN to "ifconfig ppp0 mtu 1400
route delete -net default
route add -net default 10.0.1.1
route add -net 10.192.0.0 10.192.5.9 
route add -net 10.1.0.0 10.192.5.9
route add -net 10.2.0.0 10.192.5.9
route add -net 10.11.0.0 10.192.5.9 
echo 'nameserver 66.73.20.40' >> /etc/resolv.conf
echo 'nameserver 206.141.193.55' >> /etc/resolv.conf"

if newConnection is true then do shell script VPN with administrator privileges

That’s the question: I am not sure what all of those numbers are. They look like VPN IP and DNS etc., but not sure what I need where.

Neither was the original poster, I’m fairly confident. Normally, you would ask your network administrator for the changes you had to make to your routing table to reach the VPN. In the script below, he’s deleted his old default (don’t know what it was), but you can examine yours with:

do shell script "route get default"

which will include your gateway (router) and default mtu (how big a packet you send). It won’t say anything close to as complex as the set below because your default router looks after that and you aren’t changing that - you’re changing where your machine ‘aims’ its packets via that same router.

To use a VPN, more is needed because you aren’t using your ‘local’ network - you’re creating a ‘tunnel’.

There’s no way you can ‘know’ or ‘deduce’ these numbers yourself. Your network folks at the other end of the connection have to tell you.

Thanks for the information, I will check with the sys admins on the other end. Does this script look like it would stop internet traffic such as www.google.com from going through the VPN while connected? What I am really looking for is a way to direct local traffic to the net and not to the VPN. If for some reason an address does not resolve on the net such as wiki.intranet.local then and only then would it try the VPN otherwise it would use the internet connection.

I am not sure if this is possible but that’s the ideal way to do things for me. I did have the VPN set up to use my ISP name servers, then use the VPN name servers and that worked, but they did something on the VPN end and said that was a flaw that had to be fixed. Ideally I do not want all traffic to go over the VPN as bandwidth on the VPN is limited and I do not want to bog it down with traffic not pertaining to the VPN.

Thanks,
Joseph Crawford

I’ve seen this discussed before JC, but don’t recall the resolution. Apparently, some routers can do it http://forums.macosxhints.com/showthread.php?t=60207&highlight=VPN but it requires the preparation of a fancy routing table which may be what the table in the OP’s post is about - it sets routes through the VPN gateway for specific IP addresses, and I assume everything else goes through his normal LAN path. He’ll have to tell us that. Why don’t you email him and ask?

Adam,

Thanks for all of your assistance, I have sent him an email and put in a call to our sys admin.

Thanks,
Joseph Crawford

OK, I have found out that this AppleScript will not help in my situation.

This script pretty much tries to resolve the domain by first using the company name servers, if it fails it will then try your ISP nameservers. This may work for most people’s needs however I am in a tough spot. Our company VPN doesn’t restrict anything. If I go to a website it will resolve so it will never fall back to my ISP name servers. Is there a way to force all domains or local IPs (if they are not local network) to go through the VPN? Here is what I wish to do.

We have domains like wiki.intranet.local, helpdesk.intranet.local, etc. I want any domain ending in intranet.local to go through the VPN, everything else like google.com, images.google.com etc to go through my ISP.

All domains for the company side of things are *.intranet.local, even the mail server exchange.intranet.local etc.

Is this possible to do with AppleScript?

Thanks,
Joseph Crawford

Nix the last post, it will work. However, because I do not have a static VPN IP, is it possible to do something like this:

set gateWay to (get ip of PPTP configuration 1)

I tried to do that and it failed talking about end of line or , something.
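For the dynamic-gateway question above, one approach is to read the point-to-point peer address of ppp0 from `ifconfig` and validate it before it is pasted into a command run with administrator privileges. This is an added example, not code from the thread: the function names and the sample `ifconfig` output are constructed, and the four networks are the ones from the script earlier on the page.

```shell
#!/bin/sh
# Constructed sample of `ifconfig ppp0` output (the addresses are made up).
# On a live system, pipe the real `ifconfig ppp0` into ppp_peer instead.
SAMPLE_IFCONFIG='ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
	inet 10.192.7.23 --> 10.192.5.9 netmask 0xffff0000'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# Anything else (spaces, semicolons, names) is rejected before it can be
# interpolated into a root shell command.
is_ipv4() {
	case "$1" in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	[ "$#" -eq 4 ] || return 1
	for octet in "$@"; do
		[ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
}

# Print the peer address (the VPN gateway) from ifconfig output on stdin.
ppp_peer() {
	awk '$1 == "inet" && $3 == "-->" { print $4; exit }'
}

# Print the route commands for the company networks, refusing to emit
# anything unless the gateway is a well-formed address.
vpn_routes() {
	gw=$1
	is_ipv4 "$gw" || { echo "refusing gateway: $gw" >&2; return 1; }
	for net in 10.192.0.0 10.1.0.0 10.2.0.0 10.11.0.0; do
		echo "route add -net $net $gw"
	done
}

# Demonstration on the constructed sample: prints four route commands.
gateway=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ppp_peer)
vpn_routes "$gateway"
```

From AppleScript, the same pipeline can be run with `do shell script` and its output used in place of the hard-coded `gateWay` value.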

Just an update for anyone else who is fighting with this, try out DigiTunnel http://gracion.com/vpn/ it allows you to do routing just like this AppleScript only WAY easier to configure :) I am using this now and will use AppleScript for automated actions when the VPN is connected such as mounting my SMB drive, etc.

Thanks to mtennes for writing this script and thanks to Adam for the assistance in the thread :)