Summary
A /etc/ppp/ip-up script to route traffic to specific domains through openfortivpn. This script works with macOS Catalina (10.15).
How To
Modify the file /etc/ppp/ip-up to your needs:
#!/bin/sh
#
# pppd runs this script once the link is up; $1 is the interface name.
#
# Repeat the perl command for domains where the first entry is a cname
ips="$(perl -MSocket -E 'say inet_ntoa(inet_aton("subdomain1.example.com"))')"
ips="$ips $(perl -MSocket -E 'say inet_ntoa(inet_aton("subdomain2.example.com"))')"
ips="$ips $(perl -MSocket -E 'say inet_ntoa(inet_aton("subdomain3.example.com"))')"
# Add all domains that are resolvable with "dig +short" here
domains='subdomain4.example.com www.example.com'
resolved=""
for domain in $domains; do
    resolved=$(dig +short "$domain" | tr "\n" " ")
    ips="$ips $resolved"
done
# Add routes for each ip (domain names that were not resolved will simply not be added)
for ip in $ips; do
    /sbin/route add -host "$ip" -interface "$1"
done
# Play a sound once the routes have been added
afplay /System/Library/Sounds/Glass.aiff
And start openfortivpn without setting any routes or using the VPN's DNS servers:
sudo openfortivpn -c /etc/openfortivpn/config --no-route --no-dns
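Because pppd runs ip-up as root and the script feeds resolver output straight to /sbin/route, it helps to pass only well-formed IPv4 addresses on to the route loop. The following is an added example, not part of the original script; the function names is_ipv4, filter_ipv4 and sample_answer are hypothetical, and the sample resolver output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_ipv4: read resolver answers on stdin, one per line, and print the
# unique IPv4 addresses on a single space-separated line.
filter_ipv4() {
    out=""
    while IFS= read -r line || [ -n "$line" ]; do
        is_ipv4 "$line" || continue            # drop CNAME targets, error text
        case " $out " in
            *" $line "*) ;;                    # already listed
            *) out="${out:+$out }$line" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample of what "dig +short" can print for a CNAME-backed name.
sample_answer() {
    printf '%s\n' 'edge.cdn.example.net.' '192.0.2.10' '192.0.2.11' \
        '192.0.2.10' ';; connection timed out; no servers could be reached' \
        '999.1.1.1'
}

# In ip-up the loop body would become:
#   resolved=$(dig +short "$domain" | filter_ipv4)
sample_answer | filter_ipv4    # prints: 192.0.2.10 192.0.2.11
```

With this filter in the dig loop, domains whose first answer is a CNAME no longer need the separate perl lines, since the CNAME target line is discarded and only the addresses remain.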