Monday, June 02, 2008

Configuring Cisco VPN for local DNS connections on Leopard

1/ Connect the Cisco VPN client - it will overwrite the DNS settings in /etc/resolv.conf with whatever it reads from the network the VPN connects to.

If you're unlucky, at this point normal DNS queries (for names on your local network) will no longer work.


2/ Use scutil to add a local DNS server:

diciu$ sudo scutil
> get State:/Network/Service/com.cisco.VPN/DNS
> d.show
{
  ServerAddresses : {
    0 : 10.10.10.1
    1 : 10.10.10.2
  }
  DomainName : somedomain.com
  SearchDomains : {
    0 : somedomain.com
    1 : modulo.ro
  }
}
> d.add ServerAddresses * 193.231.199.1
> set State:/Network/Service/com.cisco.VPN/DNS
> d.show
{
  ServerAddresses : {
    0 : 193.231.199.1
  }
  DomainName : somedomain.com
  SearchDomains : {
    0 : somedomain.com
    1 : modulo.ro
  }
}

Note that d.add with * replaced the whole ServerAddresses array rather than appending to it: the VPN-supplied 10.10.10.x servers are gone from the second d.show, so list them as well if you still need to resolve names in the remote domain.

The same thing as a single command:

printf "get State:/Network/Service/com.cisco.VPN/DNS\nd.add ServerAddresses * 193.231.199.1\nset State:/Network/Service/com.cisco.VPN/DNS" | sudo scutil
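An added example, not code from the original post: a small sh wrapper around the same scutil sequence that checks the addresses are well-formed IPv4 before anything is written to the resolver state, and with -n only prints the commands. It assumes the State: key shown above; vpn-dns.sh is an assumed file name.

```shell
#!/bin/sh
# Added example (not the post's own code): wrap the scutil sequence above in
# functions that validate the addresses before anything touches the resolver.
# Assumes the State: key shown in the post; vpn-dns.sh is an assumed file name.

VPN_DNS_KEY="State:/Network/Service/com.cisco.VPN/DNS"

# is_ipv4 ADDR: succeed only for four dotted decimal octets in 0..255.
# Subshell body, so the IFS change and the exits stay local to this check.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                       # split on dots into $1..$n
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || exit 1
    done
)

# build_scutil_script ADDR...: print the scutil commands on stdout.
# 'd.add ServerAddresses *' replaces the whole array (compare the two d.show
# outputs above), so every server to keep, local and VPN, must be listed.
build_scutil_script() {
    [ $# -ge 1 ] || { echo "usage: build_scutil_script ADDR..." >&2; return 1; }
    list=
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
        list="$list${list:+ }$addr"
    done
    printf 'get %s\n' "$VPN_DNS_KEY"
    printf 'd.add ServerAddresses * %s\n' "$list"
    printf 'set %s\n' "$VPN_DNS_KEY"
    printf 'd.show\n'                # read back what was actually stored
}

# apply_vpn_dns ADDR...: validate, then feed the commands to scutil as root.
apply_vpn_dns() {
    script=$(build_scutil_script "$@") || return 1
    printf '%s\n' "$script" | sudo scutil
}

# Usage:  vpn-dns.sh 193.231.199.1 10.10.10.1    (local first, then the VPN's)
#         vpn-dns.sh -n 193.231.199.1             (print the commands only)
case $1 in
    -n) shift; build_scutil_script "$@" ;;
    ?*) apply_vpn_dns "$@" ;;
esac
```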


References: Using scutil to set DNS server

4 comments:

Anonymous said...

THANK YOU. This seems to be the only page on the internet addressing this issue. I did have to use a different IP address for the DNS server, though.

Anonymous said...

Thank you very much. I was getting frustrated with the inability to contact my VMs by name when connected to the corporate VPN, this solution is GOLD! :)

This is not a question for you, but...

if only we could make this happen automatically when connecting the VPN... ;)

Thanks again, Andrew

Anonymous said...

Thanks so much, finally someone with some brains!!! Great fix.

Anonymous said...

Good tip. Problem is, if you change back to the local DNS server you won't be able to resolve names in the remote domain, unless your local domain is forwarding requests there. That seems unlikely, since it wouldn't have inside DNS access unless it too was using VPN, and site-to-site in that case.

Here is a script I concocted to switch between local and remote DNS. You can easily turn this script into a toggle function, but I use a -d parameter to switch back to the VPN config. In my case the remote DNS servers are 172.16.1.1xx and the local servers are 172.20.10.xx.

#!/bin/sh
# -d : switch back to the VPN (remote) DNS servers; otherwise set the local ones.
# Both branches replace ServerAddresses wholesale, so every wanted server is listed.

if [ x"$1" = x"-d" ] ; then
    printf "get State:/Network/Service/com.cisco.VPN/DNS\nd.add ServerAddresses * 172.16.1.148 172.16.1.149\nset State:/Network/Service/com.cisco.VPN/DNS" | sudo scutil
else
    printf "get State:/Network/Service/com.cisco.VPN/DNS\nd.add ServerAddresses * 172.20.10.20 172.20.10.21\nset State:/Network/Service/com.cisco.VPN/DNS" | sudo scutil
fi