VPN messes up DNS resolution

Posted by user124114 on Super User See other posts from Super User or by user124114
Published on 2012-03-21T17:28:21Z Indexed on 2012/03/21 17:31 UTC
Read the original article Hit count: 300

Filed under:
|

After connecting with the Kerio VPN client (OS X Leopard) to a server, the internet (~web browsing) stopped working for the client.

After poking around, the issue seems to be bad DNS server (i.e., entering IPs directly works). After disconnecting from the VPN, the invalid DNS server disappears from scutil --dns and all's well again.

Now, I don't understand why OS X on the client even changes the DNS settings -- internet should be routed through a different interface, through the default gateway, not through the VPN.

Questions:

  1. By what mechanism does connecting the VPN client change the "default" DNS server?
  2. How can I stop the VPN client from changing routing/DNS rules? Where is this stuff stored/modified?

Before VPN:

$ scutil --dns
DNS configuration

resolver #1
  nameserver[0] : 10.66.77.1 # <---- default gateway = home router; all good
  order   : 200000

resolver #2
  domain : local
  options : mdns
  timeout : 2
  order   : 300000

...

VPN connected:

$ scutil --dns
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1 # <--- rubbish
  nameserver[1] : 192.168.2.1
  order   : 200000

resolver #2
  domain : local
  options : mdns
  timeout : 2
  order   : 300000

...

The VPN doesn't appear among $ networksetup -listallnetworkservices.

© Super User or respective owner

Related posts about osx

Related posts about vpn