SOLVED: multiple DNS server settings with *pure* DHCP/tap


MasterYous

Posts: 13
Joined: Wed Apr 14, 2010 9:41 am

Post by MasterYous » Thu May 27, 2010 9:03 am
Normally, if you are using DHCP with a bridged interface in OpenVPN (e.g. not using DHCP-OPTIONS or server-push), you will find that the DNS support scripts in OpenVPN cause problems for you - you will not get any DNS set, because the scripts rely on the aforementioned dhcp options being sent over from the server. If you're using a DHCP server to set everything via DHCP, you really wouldn't want to use dhcp-options - at least I didn't want to.

I wrote an earlier post about how to solve this using new DNS scripts I modified for Viscosity that use OS X's scutil command to set DNS servers for a DHCP connection. The problem with those scripts was that they overwrote your primary DNS settings with the ones from your DHCP server. This may be fine for most, but not for me - I also need my employer's DNS settings to remain in the queue.

Here are some scripts that use the built-in PyObjC framework found in Mac OS X 10.6 - this bridge allows you to access the SCDynamicStore Objective-C API using Python. Using that framework, you can do fun things dynamically with key/value pairs that are managed by scutil. One of them is setting DNS settings dynamically, without blowing away your old DNS settings!

If you use these scripts, note the following:

1. You MUST be using a tap device, you MUST be broadcasting everything via DHCP, you must select "Enable DHCP" for your connection, and you must also realize that this will only work for tap0 - the first tap device. The script could still be further modified to look for additional tap devices for additional VPN connections and add them all in as well, but I haven't done that. Feel free to modify them further.

2. The scutil/configd key
State:/Network/Service/DHCP-tap0/DNS
gets populated ONLY AFTER the DHCP server sends stuff over. That key is critical since this is where the DNS settings from your DHCP server are passed to OSX. DHCP requests are a handshake, and sometimes this happens too late for the dnsup.py script to find them in time, since the script runs as soon as the tap device is opened. To remedy this problem, change the dnsup.py script to do nothing, and create a new script to do all the "real" work. Attach this script to the route script hook in OpenVPN, which can conveniently be delayed via the "route-delay" option in OpenVPN/Viscosity. That way you can set it to run several seconds after the DHCP handshake has had time to complete.
route-delay 20
route-up "/Applications/Viscosity.app/Contents/Resources/dnsup-delayed.py tap0 1500 1574 init"
Attached you will find scripts for dnsdown, dnsup (which is a no-op), and dnsup-delayed which allow you to have multiple DNS settings while you are connected via OpenVPN/Viscosity.
Attachments
MULTI-dns_support.tgz
scripts (Python) to use with Viscosity
(2.64 KiB) Downloaded 3174 times
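
The approach described in the post above, as an added example that is not part of the original post and is not the attached scripts: wait for the DHCP DNS key to be populated, then merge its servers into the existing list instead of overwriting it. It assumes Python 3 with PyObjC; `TARGET_KEY`, the function names, and the "existing servers first" ordering are assumptions of this sketch.

```python
import ipaddress
import time

DHCP_KEY = "State:/Network/Service/DHCP-tap0/DNS"  # key named in the post
TARGET_KEY = "State:/Network/Global/DNS"  # assumption: where the merged list goes


def wait_for_key(copy_value, key, timeout=20.0, interval=0.5, sleep=time.sleep):
    """Poll until the key holds ServerAddresses, or give up after timeout."""
    waited = 0.0
    while True:
        value = copy_value(key)
        if value and value.get("ServerAddresses"):
            return dict(value)
        if waited >= timeout:
            return None
        sleep(interval)
        waited += interval


def merge_servers(existing, from_dhcp):
    """Existing servers stay first; new DHCP servers are appended once each."""
    merged = []
    for addr in list(existing) + list(from_dhcp):
        try:
            normalized = str(ipaddress.ip_address(str(addr).strip()))
        except ValueError:
            continue  # DHCP-supplied data is untrusted: skip non-IP values
        if normalized not in merged:
            merged.append(normalized)
    return merged


def apply_merged_dns(copy_value, set_value, **wait_opts):
    dhcp = wait_for_key(copy_value, DHCP_KEY, **wait_opts)
    if dhcp is None:
        return None  # handshake never completed: leave DNS untouched
    current = dict(copy_value(TARGET_KEY) or {})
    current["ServerAddresses"] = merge_servers(
        current.get("ServerAddresses", []), dhcp["ServerAddresses"])
    set_value(TARGET_KEY, current)
    return current["ServerAddresses"]


if __name__ == "__main__":  # runs only on macOS with PyObjC available
    from SystemConfiguration import (SCDynamicStoreCreate,
                                     SCDynamicStoreCopyValue, SCDynamicStoreSetValue)
    store = SCDynamicStoreCreate(None, "dns-merge-example", None, None)
    print(apply_merged_dns(lambda k: SCDynamicStoreCopyValue(store, k),
                           lambda k, v: SCDynamicStoreSetValue(store, k, v)))
```

Polling inside the script is an alternative to guessing a fixed `route-delay`; the store accessors are passed in so the merge logic can be exercised without touching configd.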

James

Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Jun 11, 2010 5:05 am
Thanks for contributing this MasterYous - it's great to see users helping others in this fashion.

I've moved this topic to the Goodies section for others to better find.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs