OSX - Fix split DNS when doing split routing
authorBjörn Ketelaars <bjorn.ketelaars@hydroxide.nl>
Sat, 14 Mar 2015 18:31:38 +0000 (19:31 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Sat, 14 Mar 2015 21:22:34 +0000 (21:22 +0000)
Currently one can choose between two scenarios:

- overriding the default gateway, which breaks split routing, and honoring the
  DNS server as proposed by the server
- not overriding the default gateway, which enables split routing, but without
  honoring the DNS server as proposed by the server

446  # next line overrides the default gateway and breaks split routing
447  # d.add Router $INTERNAL_IP4_ADDRESS

Split DNS, when doing split routing, is enabled by adding INTERNAL_IP4_DNS to
the list of DNS servers.

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
vpnc-script

index 4e4fb4b57220f8e0069e4b897ca1ebc25f3026d0..2a38bcdaf3abc40d3ff9e1fb2cebef14480bc0da 100755 (executable)
@@ -428,6 +428,25 @@ search $CISCO_DEF_DOMAIN"
                                                # Cannot use multiple DNS matching in this case
                                                OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
                                        fi
+                                       # Overriding the default gateway breaks split routing
+                                       OVERRIDE_GATEWAY=""
+                                       # Not overriding the default gateway breaks usage of
+                                       # INTERNAL_IP4_DNS. Prepend INTERNAL_IP4_DNS to list
+                                       # of used DNS servers
+                                       SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
+                                       SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs`
+                                       if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then
+                                               scutil >/dev/null 2>&1 <<-EOF
+                                                       open
+                                                       get State:/Network/Service/$SERVICE/DNS
+                                                       d.add ServerAddresses * $INTERNAL_IP4_DNS $SERVICE_DNS
+                                                       set State:/Network/Service/$SERVICE/DNS
+                                                       close
+                                               EOF
+                                       fi
+                               else
+                                       # No split routing. Override default gateway
+                                       OVERRIDE_GATEWAY="d.add Router $INTERNAL_IP4_ADDRESS"
                                fi
                                # Uncomment the following if/fi pair to use multiple
                                # DNS matching when available.  When multiple DNS matching
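Review bot: `$SERVICE` is used without a check in the added block, so when `scutil` reports no primary IPv4 service (or the grep prints more than one UUID) the here-document reads and sets `State:/Network/Service//DNS` or passes stray lines to scutil as commands. Taking one match and testing it would avoid that: add `| head -n 1` to the `SERVICE=` pipeline and make the test `if [ -n "$SERVICE" ] && [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then`. The rewrite also puts the gateway-supplied `$INTERNAL_IP4_DNS` first in the primary service's resolver list, so it appears to receive every lookup rather than only those for the split domains, and the IPv4-only grep drops any IPv6 resolvers from that list; a comment such as `# NOTE: VPN resolver becomes first for all names on the primary service; non-IPv4 entries are not preserved` would make that visible. The same lookup is repeated in the restore hunk (+506), and the enclosing `if`/`else` starts outside this hunk.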
@@ -443,8 +462,7 @@ search $CISCO_DEF_DOMAIN"
                                        d.add ServerAddresses * $INTERNAL_IP4_DNS
                                        set State:/Network/Service/$TUNDEV/DNS
                                        d.init
-                                       # next line overrides the default gateway and breaks split routing
-                                       # d.add Router $INTERNAL_IP4_ADDRESS
+                                       $OVERRIDE_GATEWAY
                                        d.add Addresses * $INTERNAL_IP4_ADDRESS
                                        d.add SubnetMasks * 255.255.255.255
                                        d.add InterfaceName $TUNDEV
@@ -488,6 +506,21 @@ restore_resolvconf_generic() {
                                        remove State:/Network/Service/$TUNDEV/DNS
                                        close
                                EOF
+                               # Split routing required prepending of INTERNAL_IP4_DNS
+                               # to list of used DNS servers
+                               if [ -n "$CISCO_SPLIT_INC" ]; then
+                                       SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
+                                       SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs`
+                                       if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then
+                                               scutil >/dev/null 2>&1 <<-EOF
+                                                       open
+                                                       get State:/Network/Service/$SERVICE/DNS
+                                                       d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS}
+                                                       set State:/Network/Service/$SERVICE/DNS
+                                                       close
+                                               EOF
+                                       fi
+                               fi
                                ;;
                esac
        fi
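Review bot: The restore at `${SERVICE_DNS##$INTERNAL_IP4_DNS}` removes the VPN resolver only when the live list still begins with exactly that string, so if the connect path ran twice the second copy stays in the primary service's list after disconnect, and a list that changed in the meantime is rewritten anyway with its IPv4 entries only. Once the tunnel is down that address may be unreachable or answered by some other host on the local network, so leftover entries are worth ruling out. Restricting the rewrite to the case where the prefix is present, `case "$SERVICE_DNS" in "$INTERNAL_IP4_DNS "*) ... ;; esac` around the scutil call, limits the damage. Saving the original `ServerAddresses` at connect time and restoring from that copy would be more robust than recomputing it here. The surrounding `case` arm begins outside this hunk.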