VPN now becomes a ubiquitous way for climbing over GFW in China. However, once the Mac is connected with VPN and sends traffic thru it , VPN’s dns and route setting will take priority over the default network settings, which sometimes is quite inconvenient for fast accessing local sites and using other dedicated network like ipv6.

There’s a combination of configurations to work around the dns and route table of VPN:

1) when connected to the VPN, in Terminal, use the way described to find which VPN’s dns you want modify

2) in Terminal, sudo vi /etc/ppp/scutil_vpn.txt, add following lines, replace the GUID with your target GUID:

d.init

get State:/Network/Service/E6592FF4-8A4F-4C86-B1A2-F865D658D4FF/DNS

d.add ServerAddresses *

set State:/Network/Service/E6592FF4-8A4F-4C86-B1A2-F865D658D4FF/DNS

4) in Terminal, sudo vi /etc/ppp/ip-up,(make it executable), add following lines, and modify the TARGET_IPADDR and MASK of which network subnet you want to go thru the VPN:

#!/bin/sh

/sbin/route add TARGET_IPADDR/MASK $5

/usr/sbin/scutil < /etc/ppp/scutil_vpn.txt

5) install and use dnsmasq to direct wildcard dns resolving for target server names to the VPN dns server

6) in the VPN settings, uncheck “Send All Traffic” box

7) done.

Now when you are connected with the target VPN, you will only go through the VPN to visit target domain names and ip you’ve set, with all other network like ipv6 unchanged. Of course,  the settings could be reversed to send most traffic thru VPN, leaving a few sites accessing locally.