On 22 April 2014 17:50, Kevin Cernekee <cernekee at gmail.com> wrote:
> Could you double-check to see if you're running the latest vpnc-script
> from here:
>
> http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script

There's a minor change to the v6 routing, but nothing major. Updated
anyway, no change.

> There is some logic in the script to run scutil on OSX to set up DNS.
> The first thing I'd try is running "scutil --dns" to dump out the
> current configuration.

Ah, this is interesting. /etc/resolv.conf lists the two VPN name
servers, but scutil --dns has this:

$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : ger.corp.intel.com
  nameserver[0] : 192.168.1.1
  nameserver[1] : 0.0.0.0
  if_index : 8 (en3)
  flags    : Request A records

(this is my local network's DNS configuration from before the VPN came
up, surely this should have been removed)

resolver #2
  domain   : ger.corp.intel.com
  nameserver[0] : 10.248.2.1
  nameserver[1] : 163.33.253.76
  flags    : Request A records
  reach    : Reachable
  order    : 100600

(this is the VPN DNS configuration)

I'd guess that this list is being searched in order, so OSX is always
using my local DNS?

If I uncomment this scutil argument in vpnc-script then the VPN name
servers are always used:

    # next line overrides the default gateway and breaks split routing
    #d.add Router $INTERNAL_IP4_ADDRESS

With this, resolver #1 and #2 are identical with both having the VPN
nameservers.

Is this related to the split networking? The relevant variables from
the vpn are:

CISCO_SPLIT_EXC=1
CISCO_SPLIT_EXC_0_ADDR=0.0.0.0
CISCO_SPLIT_EXC_0_MASK=255.255.255.255
CISCO_SPLIT_EXC_0_MASKLEN=32

Ross
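
A check for the symptom described in this message, as an added example that is not part of the original thread or of vpnc-script: it parses `scutil --dns` output and reports every resolver that still lists a nameserver outside the VPN's set. The sample is the output quoted in the message; the function names are hypothetical.

```python
import re

# `scutil --dns` output as quoted in the message above (indentation reconstructed).
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : ger.corp.intel.com
  nameserver[0] : 192.168.1.1
  nameserver[1] : 0.0.0.0
  if_index : 8 (en3)
  flags    : Request A records

resolver #2
  domain   : ger.corp.intel.com
  nameserver[0] : 10.248.2.1
  nameserver[1] : 163.33.253.76
  flags    : Request A records
  reach    : Reachable
  order    : 100600
"""
VPN_NAMESERVERS = {"10.248.2.1", "163.33.253.76"}  # resolver #2 in the message

def parse_scutil_dns(text):
    """Parse resolver blocks into dicts with id, nameservers and other fields."""
    resolvers, current = [], None
    for line in text.splitlines():
        header = re.match(r"\s*resolver #(\d+)\s*$", line)
        if header:
            current = {"id": int(header.group(1)), "nameservers": [], "fields": {}}
            resolvers.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so IPv6 addresses stay intact.
            key, value = (part.strip() for part in line.split(":", 1))
            if re.fullmatch(r"nameserver\[\d+\]", key):
                current["nameservers"].append(value)
            else:
                current["fields"][key] = value
    return resolvers

def non_vpn_resolvers(text, vpn_nameservers):
    """Return (resolver id, offending nameservers) for resolvers outside the VPN set."""
    findings = []
    for resolver in parse_scutil_dns(text):
        extra = [ns for ns in resolver["nameservers"] if ns not in vpn_nameservers]
        if extra:
            findings.append((resolver["id"], extra))
    return findings

if __name__ == "__main__":
    for rid, extra in non_vpn_resolvers(SAMPLE, VPN_NAMESERVERS):
        print(f"resolver #{rid} still lists non-VPN nameservers: {', '.join(extra)}")
```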