Network tweaking script to make Internet access available while connection to Danone Pulse Secure VPN (Split tunneling).

split_tunneling.sh

#! /usr/bin/env bash
# Author: Ryoka Kujo [email protected]
# Descripthon: Network tweaking script to make Internet access available
#   while connection to Pulse Secure VPN.

# network interface list can be retrieved by `networksetup -listallhardwareports`
# specify your network interface for internet access.
PUBLIC_INTERFACE=en7
# specify your network interface for VPN tunnel access.
TUNNEL_INTERFACE=utun2
# list ip/cidr addresses which needs route to intranet net.
TUNNEL_ROUTES=(10)
# list DNS servers used by public access.
PUBLIC_DNS=(8.8.8.8)

if [[ "$OSTYPE" != "darwin"* ]]; then
	echo "Script only supports macOS right now." 1>&2
	exit 1
fi

if (( EUID != 0 )); then
	echo "Please, run this command with sudo" 1>&2
	exit 1
fi

PUBLIC_GATEWAY=$(netstat -nrf inet | grep default | grep $PUBLIC_INTERFACE | awk '{print $2}')

# Reference. https://www.shadabahmed.com/blog/2013/08/11/split-tunneling-vpn-routing-table
echo "Resetting routes with gateway => $PUBLIC_GATEWAY"
echo
route -n delete default -ifscope $PUBLIC_INTERFACE
route -n delete -net default -interface $TUNNEL_INTERFACE
route -n add -net default "$PUBLIC_GATEWAY"

for subnet in "${TUNNEL_ROUTES[@]}"
do
	echo "Add static route $subnet to $TUNNEL_INTERFACE"
	echo
	route -n add -net "$subnet" -interface $TUNNEL_INTERFACE
done

echo "Set DNS for PulseSecure NIC."
# Reference. https://superuser.com/a/1482337 https://apple.stackexchange.com/a/324596
# we assume the default DNS set by pulsesecure are 10.0.0.1
scutil <<- EOF
	get State:/Network/Service/net.pulsesecure.pulse.nc.main/DNS
	d.add ServerAddresses '*' ${PUBLIC_DNS[@]} 10.0.0.1
	set State:/Network/Service/net.pulsesecure.pulse.nc.main/DNS
EOF