Network/DNS configuration for tun/tap interfaces ...
- Subject: Network/DNS configuration for tun/tap interfaces ...
- From: Matthew Grooms <email@hidden>
- Date: Sat, 08 Dec 2012 16:19:49 -0600
All,

Hello. I have an IPsec VPN client that I'm attempting to port to OSX.
The software consists of a cross-platform IKE daemon that interacts with
the PF_KEY layer and a set of Qt-based GUI apps that interact with the
IKE daemon to manage connectivity. The VPN client can be configured to
either use an existing network interface IP or a tap interface IP as the
traffic source for private network traffic. In the latter case, the tap
interface is just a dummy source/target used to assign IP config
settings to, as the IPsec traffic is processed by the kernel before any
frames reach the user-accessible device ( /dev/tapX ).

All the components are working on OSX, but I'm struggling to find the
'correct' way to configure DNS settings programmatically. I have read
all the material I could find using Google, but most of it is related to
setting up PPP interfaces or using a script to write config changes via
scutil.

My first thought was to call SCNetworkInterfaceCopyAll() and use the
interface reference to create a new network service that could be used
to define the DNS settings. However, even though I see tap0 listed in
the Interfaces state key ( is that the right term? ) when the tunnel is
active ...

sh-3.2# scutil
> get State:/Network/Interface
> d.show
<dictionary> {
  Interfaces : <array> {
    0 : lo0
    1 : gif0
    2 : stf0
    3 : en0
    4 : en1
    5 : fw0
    6 : tap0
  }
}
>

... and I see IPv4 state for interface tap0 ...

sh-3.2# scutil
> list
subKey [0] = Plugin:IPConfiguration
subKey [1] = Plugin:InterfaceNamer
subKey [2] = Setup:
subKey [3] = Setup:/
subKey [4] = Setup:/Network/Global/IPv4
subKey [5] = Setup:/Network/HostNames
subKey [6] = Setup:/Network/Interface/en1/AirPort
subKey [7] = Setup:/Network/Service/0082AFF7-37DF-48F1-87ED-94C166EAC4FB
subKey [8] = Setup:/Network/Service/0082AFF7-37DF-48F1-87ED-94C166EAC4FB/IPv4
subKey [9] = Setup:/Network/Service/0082AFF7-37DF-48F1-87ED-94C166EAC4FB/IPv6
subKey [10] = Setup:/Network/Service/0082AFF7-37DF-48F1-87ED-94C166EAC4FB/Interface
subKey [11] = Setup:/Network/Service/0082AFF7-37DF-48F1-87ED-94C166EAC4FB/Proxies
subKey [12] = Setup:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685
subKey [13] = Setup:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/IPv4
subKey [14] = Setup:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/IPv6
subKey [15] = Setup:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/Interface
subKey [16] = Setup:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/Proxies
subKey [17] = Setup:/Network/Service/44EC44DB-69A8-430D-A91E-A5F30A3F0C30
subKey [18] = Setup:/Network/Service/44EC44DB-69A8-430D-A91E-A5F30A3F0C30/IPv4
subKey [19] = Setup:/Network/Service/44EC44DB-69A8-430D-A91E-A5F30A3F0C30/IPv6
subKey [20] = Setup:/Network/Service/44EC44DB-69A8-430D-A91E-A5F30A3F0C30/Interface
subKey [21] = Setup:/Network/Service/44EC44DB-69A8-430D-A91E-A5F30A3F0C30/Proxies
subKey [22] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9
subKey [23] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/IPv4
subKey [24] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/IPv6
subKey [25] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/Interface
subKey [26] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/Modem
subKey [27] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/PPP
subKey [28] = Setup:/Network/Service/704014FF-0F7A-4015-9B85-DC46091DCFD9/Proxies
subKey [29] = Setup:/System
subKey [30] = State:/IOKit/Power/CPUPower
subKey [31] = State:/IOKit/PowerManagement/CurrentSettings
subKey [32] = State:/IOKit/PowerManagement/SystemLoad
subKey [33] = State:/IOKit/PowerManagement/SystemLoad/Detailed
subKey [34] = State:/Network/Connectivity
subKey [35] = State:/Network/Global/DNS
subKey [36] = State:/Network/Global/IPv4
subKey [37] = State:/Network/Global/Proxies
subKey [38] = State:/Network/Global/SMB
subKey [39] = State:/Network/Interface
subKey [40] = State:/Network/Interface/en0/IPv4
subKey [41] = State:/Network/Interface/en0/IPv6
subKey [42] = State:/Network/Interface/en0/Link
subKey [43] = State:/Network/Interface/en0/SleepProxyServers
subKey [44] = State:/Network/Interface/en1/AirPort
subKey [45] = State:/Network/Interface/en1/CaptiveNetwork
subKey [46] = State:/Network/Interface/en1/Link
subKey [47] = State:/Network/Interface/en1/__SERVICE__
subKey [48] = State:/Network/Interface/fw0/Link
subKey [49] = State:/Network/Interface/lo0/IPv4
subKey [50] = State:/Network/Interface/lo0/IPv6
subKey [51] = State:/Network/Interface/lo0/LinkQuality
subKey [52] = State:/Network/Interface/tap0/IPv4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
subKey [53] = State:/Network/MulticastDNS
subKey [54] = State:/Network/NetBIOS
subKey [55] = State:/Network/PrivateDNS
subKey [56] = State:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/DHCP
subKey [57] = State:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/DNS
subKey [58] = State:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/IPv4
subKey [59] = State:/Network/Service/032868A3-1B5F-4B04-A71E-B56DF24F9685/SMB
subKey [60] = State:/Users/ConsoleUser
subKey [61] = com.apple.DirectoryService.NotifyTypeStandard:DirectoryNodeAdded
subKey [62] = com.apple.opendirectoryd.node:/Contacts
subKey [63] = com.apple.opendirectoryd.node:/Search
subKey [64] = com.apple.smb

... the call to SCNetworkInterfaceCopyAll() doesn't return an interface
reference for tap0. And as far as I can tell, all the SCNetworkConfig
functions that would be useful appear to require an interface reference
as a parameter.

I toyed around with modifying the primary interface DNS settings to
point to the tunnel-specific private DNS server IP, but that causes the
resolver to send DNS requests to the correct IP but out the wrong NIC (
I see the DNS requests on en0 even though the route table says the DNS
server is reachable via tap0 ). I assume this is due to the DNS
service definition being layered over en0 and not tap0.

In any case, I'm not that familiar with OSX internals ( if that's not
already obvious :). I could really use a push in the right direction.

Thanks in advance,
-Matthew
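
Added example, not part of the original post or of the poster's software: a Python check for the symptom described above, where a nameserver is routed via tap0 but the resolver that uses it is bound to en0. The sample text is constructed and assumes the `if_index : N (name)` line format of `scutil --dns`; the route list, addresses, and function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modeled on `scutil --dns` output; all addresses are made up.
SCUTIL_DNS = """\
resolver #1
  search domain[0] : corp.example
  nameserver[0] : 10.99.0.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

# Constructed routing table: (destination prefix, outgoing interface).
ROUTES = [("0.0.0.0/0", "en0"), ("10.99.0.0/16", "tap0")]


def parse_resolvers(text):
    """Return one dict per resolver: nameservers and bound interface (or None)."""
    resolvers = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("resolver #"):
            resolvers.append({"nameservers": [], "interface": None})
        elif resolvers and (m := re.match(r"nameserver\[\d+\]\s*:\s*(\S+)", line)):
            resolvers[-1]["nameservers"].append(m.group(1))
        elif resolvers and (m := re.match(r"if_index\s*:\s*\d+\s*\((\w+)\)", line)):
            resolvers[-1]["interface"] = m.group(1)
    return resolvers


def routed_interface(addr, routes):
    """Longest-prefix match of addr against routes; None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    hits = [(n.prefixlen, ifc) for n, ifc in nets if n.version == ip.version and ip in n]
    return max(hits)[1] if hits else None


def find_mismatches(text, routes):
    """(nameserver, bound_if, routed_if) where resolver binding and route disagree."""
    return [
        (ns, r["interface"], via)
        for r in parse_resolvers(text)
        for ns in r["nameservers"]
        if r["interface"] and (via := routed_interface(ns, routes)) and via != r["interface"]
    ]
```

Each tuple returned by find_mismatches() names a DNS server whose queries would leave on an interface other than the one the route table selects, which for a VPN client means lookups for private names bypassing the tunnel.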