MacOS VPN Auto Add Routes



Tested on macOS 10.14 with an L2TP VPN.

I connect to my office VPN to work remotely, but I don't want to send all traffic through the VPN interface. Usually, I open Terminal.app and run commands after the VPN connects:

192.168.2.0/24 is the address block used in my office, and 192.168.100.1 is the VPN gateway address.

It’s really inconvenient. But I have a new solution: networksetup.

Usage: networksetup -setadditionalroutes <networkservice> [ <dest> <mask> <gateway> ]*
        Set additional IPv4 routes associated with <networkservice>
        by specifying one or more [ <dest> <mask> <gateway> ] tuples.
        Remove additional routes by specifying no arguments.
        If <gateway> is "", the route is direct to the interface

First, find your service name.

Find your VPN connection name, in my case ‘My Office’.

If you have multiple route entries to add,

L2TP is a point-to-point VPN, so the gateway address is not that important; that is why I use "" instead of 192.168.100.1.
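An added example, not from the original post: a POSIX shell helper that converts CIDR blocks into the [ <dest> <mask> <gateway> ] tuples from the usage text above and hands them to networksetup -setadditionalroutes, so only the listed subnets go through the VPN. The function names and the NETWORKSETUP override variable are assumptions made for illustration; the service name and addresses are the ones given in the post.

```sh
#!/bin/sh
# Added example (not from the original post): split-tunnel routes for a VPN service.
# NETWORKSETUP is a hypothetical override so the call can be stubbed off macOS.

# prefix_to_mask 24  ->  255.255.255.0 ; fails on anything outside 0..32
prefix_to_mask() {
    p=$1
    case $p in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$p" -le 32 ] || return 1
    mask=''
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255
            p=$((p - 8))
        else
            octet=$((256 - (1 << (8 - p))))   # top p bits of this octet set
            p=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    printf '%s\n' "$mask"
}

# set_vpn_routes SERVICE GATEWAY CIDR...
# GATEWAY may be '' (route direct to the interface, as in the usage text).
set_vpn_routes() {
    service=$1 gw=$2
    shift 2
    n=$#
    for cidr in "$@"; do
        case $cidr in
            */*) ;;
            *) echo "not a CIDR block: $cidr" >&2; return 1 ;;
        esac
        m=$(prefix_to_mask "${cidr#*/}") || {
            echo "bad prefix length: $cidr" >&2; return 1
        }
        # Append one <dest> <mask> <gateway> tuple after the original arguments.
        set -- "$@" "${cidr%/*}" "$m" "$gw"
    done
    shift "$n"   # drop the CIDR arguments, keep only the tuples
    "${NETWORKSETUP:-networksetup}" -setadditionalroutes "$service" "$@"
}

# Values from the post:
#   set_vpn_routes 'My Office' '' 192.168.2.0/24
# Check the result with: networksetup -getadditionalroutes 'My Office'
```

Calling set_vpn_routes with a service name and gateway but no CIDR blocks passes no tuples, which per the usage text removes the additional routes.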



MacOS VPN Auto Add Routes by @sskaje: https://sskaje.me/2019/04/macos-vpn-auto-add-routes/

Hijack DnsPod HttpDNS



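Hijacking DNS is a simple job: home routers basically all ship with dnsmasq, so you just add a record.

Some time ago I tried to hijack the resolution of a video app's ad endpoint so that it pointed to an empty local server, and found that the app uses DnsPod's HttpDNS service, so the traditional DNS hijacking approach does not work. EdgeRouter's DPI feature also does not expose advanced, Great Firewall-style interfaces, so this time I implemented it with NAT.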


Hijack DnsPod HttpDNS by @sskaje: https://sskaje.me/2019/04/hijack-dnspod-httpdns/

Asus Merlin Policy Based Routing



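I previously wrote a version based on 380.x. It worked at first, but recently I found it no longer does. So I upgraded my home router to 384.9 and reconfigured it.

The topology is basically unchanged. I added the requirement that the two homes can reach each other, so I turned NAT off.

This time I simplified things and set up a GitHub repo, https://github.com/sskaje/merlin-pbr, and put the jffs configuration scripts in it. It is still dnsmasq + ipset, but the openvpn-event script also lets you maintain the route list by hand, and those routes automatically go through the OpenVPN interface.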



Asus Merlin Policy Based Routing by @sskaje: https://sskaje.me/2019/02/asus-merlin-policy-based-routing/

Beijing China Unicom IPv6 DNS



When I searched Google earlier, I saw someone mention one that I think was dnslab.net. Do not use it under any circumstances!!!



Beijing China Unicom IPv6 DNS by @sskaje: https://sskaje.me/2018/12/beijing-china-unicom-ipv6-dns/