The problem is, routing through VPNs in Mac OS X is kind of an all-or-nothing deal: either it uses the VPN for everything or it uses it only for IP addresses in the VPN’s subnet, with the latter being the default behaviour in Mac OS X 10.6.
I want finer control. Specifically, I want OS X to use the VPN for specific websites. It turns out this isn’t too hard.
Solution: To route specific websites (i.e. journal publishers) through my university VPN, I created /etc/ppp/ip-up with the following contents:
#!/bin/bash
#
# Script which handles the routing issues as necessary for pppd.
# When the ppp link comes up, this script is called with the following
# parameters:
# $1 the interface name used by pppd (e.g. ppp3)
# $2 the tty device name
# $3 the tty device speed
# $4 the local IP address for the interface
# $5 the remote IP address
# $6 the parameter specified by the 'ipparam' option to pppd
#
## Routing setup for VPN
# Array of IP addresses of the VPN server(s)
# I have it grab the list of round-robin'ed IP addresses based on the domain name
VPN_HOSTS=$(dig +short inside.mcgill.ca)
# Array of hosts to route for
# These are the domain names and IP addresses that will be accessed through the VPN
VPN_ROUTE_FOR_HOSTS=(www.elsevier.com www.sciencedirect.com www.thelancet.com www.cmaj.ca scholar.google.com ncbi.nlm.nih.gov bmj.com)
# Add the routes
for k in "${VPN_ROUTE_FOR_HOSTS[@]}" ; do
    # dig +short can also print CNAME targets; keep only IPv4 addresses
    for l in $(dig +short "$k" | grep -E '^[0-9]+(\.[0-9]+){3}$') ; do
        /sbin/route add -host "$l" -interface "$1"
    done
done
Put your specific values into VPN_HOSTS and VPN_ROUTE_FOR_HOSTS. Don’t forget to chmod a+x /etc/ppp/ip-up. The routes will be added when you connect to the VPN and disappear when you disconnect from it.
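The script resolves each hostname once, when the link comes up, so an address that a host resolves to later (round-robin DNS, a CDN) has no host route and leaves over the default interface instead of the VPN. The following check is an added example, not part of the original post: it re-resolves a host and reports which interface each address would use. The helper names (`resolve`, `route_get`, `route_iface`, `audit_host`) are hypothetical, and it assumes the macOS `route -n get` output format.

```shell
#!/bin/sh
# Added example (not from the original post): audit the per-host VPN routes.
# resolve, route_get, route_iface and audit_host are hypothetical helper names.

# Current A records for a host. dig +short may also print CNAME targets,
# so keep only lines that look like IPv4 addresses.
resolve() {
    dig +short "$1" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Routing-table lookup for one address (macOS route syntax).
route_get() {
    /sbin/route -n get "$1" 2>/dev/null
}

# Pull the interface name out of `route -n get` output read from stdin.
route_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# audit_host HOST VPN_IFACE
# Prints "OK|BYPASS host ip iface" for each address the host resolves to now;
# returns 1 if any address would not leave through VPN_IFACE.
audit_host() {
    host=$1 want=$2 rc=0
    ips=$(resolve "$host" || true)
    if [ -z "$ips" ]; then
        echo "NOADDR $host - -"
        return 1
    fi
    for ip in $ips; do
        ifc=$(route_get "$ip" | route_iface)
        if [ "$ifc" = "$want" ]; then
            echo "OK $host $ip $ifc"
        else
            echo "BYPASS $host $ip ${ifc:-none}"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit-routes.sh ppp0 www.sciencedirect.com scholar.google.com
if [ "$#" -ge 2 ]; then
    iface=$1; shift; status=0
    for h in "$@"; do audit_host "$h" "$iface" || status=1; done
    exit $status
fi
```

A `BYPASS` line after the VPN has been up for a while usually means the host's DNS answer has changed since connect time; reconnecting re-runs ip-up and rebuilds the routes.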