Modify PPTP Routing Table

From Exterior Memory
This article was written in January 2010. Given the very poor security of PPTP, it should no longer be used as of 2012. This article is no longer updated, and may be outdated.

In Mac OS X, you can configure a PPTP tunnel in the network preferences: in the Network preference pane, click the plus to create a new service, and select "VPN".

By default, only traffic to routes advertised by the PPTP server uses the PPTP tunnel. It is possible to add a few more routes without sending all traffic through the PPTP VPN tunnel. This cannot be configured in the GUI, but it is easy to write a shell script that does exactly this.

Create a file /etc/ppp/ip-up, and make sure the file is executable:

sudo touch /etc/ppp/ip-up
sudo chmod a+x /etc/ppp/ip-up

The contents of the file will look like this:

#!/bin/sh
#
# Script which handles the routing issues as necessary for pppd,
# including for PPTP tunnels. Save this script as /etc/ppp/ip-up
# and make sure it is executable.
#
# When the ppp link comes up, this script is called with the following
# parameters
ifname=$1        # the interface name used by pppd (e.g. ppp3)
ttyname=$2       # the tty device name
speed=$3         # the tty device speed
localip=$4       # the local IP address for the interface
remoteip=$5      # the remote IP address
ipparam=$6       # the current IP address before connecting to the VPN

case "$remoteip" in
    172.24.38.116)
        /sbin/route add -net 192.0.2.0/24 -interface "$ifname"
        /sbin/route add -net 10.3.0.0/16 -interface "$ifname"
        /sbin/route add -host 192.168.12.54 -interface "$ifname"
        ;;
esac

exit 0

(These IP ranges are obviously examples and should be changed to whatever you require.)

If the PPTP tunnel is brought down, the routes are automatically removed from the routing table. You can test by displaying the routing table with netstat -rn -f inet. If the routes are not automatically brought down on your system, you may want to create an additional /etc/ppp/ip-down script, which is called when the tunnel is brought down. The same script will do, with the route additions replaced with route deletions:

/sbin/route delete -net 192.0.2.0/24 -interface "$ifname"
/sbin/route delete -net 10.3.0.0/16 -interface "$ifname"
/sbin/route delete -host 192.168.12.54 -interface "$ifname"

This has been tested on Mac OS X, but the /etc/ppp/ip-up script will also work on Linux and other BSD operating systems. Be aware that the syntax of the route command on Linux differs slightly from the BSD syntax above.

On Linux, the commands are:

/sbin/route add -net 192.0.2.0/24 dev "$ifname"
/sbin/route add -net 10.3.0.0/16 dev "$ifname"
/sbin/route add -host 192.168.12.54 dev "$ifname"
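
The ip-up, ip-down and Linux variants above can be folded into one script. The following is an added example, not part of the original article: it assumes /etc/ppp/ip-down is a symlink to /etc/ppp/ip-up, and the names VPN_PEER, ROUTES, ROUTE, action_for_name and apply_routes are this example's own.

```sh
#!/bin/sh
# Added example, not the article's script. Install as /etc/ppp/ip-up and
# symlink /etc/ppp/ip-down to it (the symlink layout is an assumption).
# pppd runs both hooks as root: keep the file root-owned and not writable
# by anyone else.

VPN_PEER="172.24.38.116"     # remote IP from the article's example
# kind:destination pairs, using the article's example ranges
ROUTES="net:192.0.2.0/24 net:10.3.0.0/16 host:192.168.12.54"
ROUTE=${ROUTE:-/sbin/route}  # overridable, so ROUTE=echo gives a dry run

# ip-down deletes routes; any other script name (ip-up) adds them.
action_for_name() {
    case "${1##*/}" in
        ip-down) echo delete ;;
        *)       echo add ;;
    esac
}

# apply_routes ACTION OS IFNAME: run one route command per ROUTES entry,
# with "dev" on Linux and "-interface" on BSD / Mac OS X, as in the article.
apply_routes() {
    for entry in $ROUTES; do
        kind=${entry%%:*}
        dest=${entry#*:}
        case "$2" in
            Linux) "$ROUTE" "$1" "-$kind" "$dest" dev "$3" ;;
            *)     "$ROUTE" "$1" "-$kind" "$dest" -interface "$3" ;;
        esac
    done
}

# pppd passes: ifname ttyname speed localip remoteip ipparam
if [ "$#" -ge 5 ] && [ "$5" = "$VPN_PEER" ]; then
    apply_routes "$(action_for_name "$0")" "$(uname -s)" "$1"
fi
```

Running it by hand with ROUTE=echo and the six pppd arguments prints the route commands instead of executing them, which is a quick way to check the list before the next connection.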