macosx high sierra cisco ipsec vpn

Mac OSX Sierra DNS resolver workaround for IPSEC VPN connections

For some reason I never pinned down, on both Mac OSX Sierra and Mac OSX High Sierra, when connected to my work VPN using a “Cisco IPSec” VPN connection the DNS resolver does not behave as expected: even with a specific DNS server configured manually for that connection, the OS keeps using the default DNS servers of my Wi-Fi connection for names behind the VPN.

I tried changing the network service order, as someone suggested on a forum, with no luck. I deleted the VPN connection and re-created it. I linked /etc/resolv.conf to /var/run/resolv.conf and also deleted /etc/resolv.conf entirely, still with no luck. The only thing that made everything work was manually adding the DNS server(s) at the beginning of /etc/resolv.conf, and that is not a real fix: on macOS that file is a symlink to /var/run/resolv.conf, which configd regenerates for the benefit of tools that read it directly (dig, nslookup). The system resolver itself does not consult it (the comment at the top of the file says so), and any manual edit is overwritten on the next network change.

In the end, after reading different opinions and posts, I found a workaround (not sure if it is the best solution, but it works):

1) create a folder named resolver in /etc (this needs root, so use sudo)
sudo mkdir /etc/resolver
2) go to that location
cd /etc/resolver
3) create one file per domain that lives behind the VPN. The file name is the domain itself. In my case there is a local-only TLD that we use for our company (let's say .abcd), so the file is /etc/resolver/abcd with the following contents (the domain line is optional, since the file name already names the domain; see man 5 resolver):
nameserver private-dns-ip-1
nameserver private-dns-ip-2
domain abcd

Save that file, connect to the VPN and try pinging any of your hosts. It works like a charm. No more manual editing of the /etc/hosts file for different hosts and servers. To confirm the entry was picked up, run scutil --dns: the new resolver shows up with its own domain and nameserver lines. Note that dig and nslookup read /etc/resolv.conf directly and ignore /etc/resolver, so test with ping, curl or dscacheutil -q host -a name somehost.abcd, which go through the system resolver. If a stale answer lingers, flush the cache with sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder.
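The whole procedure above, as an added example script that is not part of the original post: it builds the /etc/resolver/<domain> file from a domain and a list of nameservers, installs it, and then checks with scutil --dns that the macOS resolver actually picked it up. The domain abcd and the addresses 10.0.0.53 and 10.0.0.54 in the usage line are placeholders I chose, not values from the post; RESOLVER_DIR is an assumed override so the file can be written somewhere other than /etc/resolver when testing.

```shell
#!/bin/sh
# Added example (not from the original post): build the /etc/resolver/<domain>
# file from a domain and a list of nameservers, install it, and check that the
# macOS resolver picked it up. The domain "abcd" and the addresses 10.0.0.53 /
# 10.0.0.54 in the usage line are placeholders, not real values from the post.

RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# Print the contents of a resolver file: one "nameserver" line per server,
# then a "domain" line (optional on macOS, the file name already sets it).
make_resolver_file() {
    _domain="$1"; shift
    for _ns in "$@"; do
        printf 'nameserver %s\n' "$_ns"
    done
    printf 'domain %s\n' "$_domain"
}

# Write DIR/DOMAIN. Writing under /etc/resolver needs root (run with sudo).
install_resolver() {
    _dir="$1"; _dom="$2"; shift 2
    mkdir -p "$_dir"
    make_resolver_file "$_dom" "$@" > "$_dir/$_dom"
    chmod 644 "$_dir/$_dom"
}

# Return 0 if scutil --dns (macOS) lists a resolver entry for DOMAIN.
# This is the check that matters: /etc/resolv.conf is irrelevant to the
# system resolver; scutil --dns shows what it actually uses.
resolver_active() {
    scutil --dns 2>/dev/null | grep -E -q "domain +: +${1}\$"
}

# Resolve NAME through the system resolver (dig/nslookup would bypass it).
lookup() {
    dscacheutil -q host -a name "$1"
}

# Usage (macOS, as root): sudo sh resolver-setup.sh abcd 10.0.0.53 10.0.0.54
if [ "$#" -ge 2 ]; then
    install_resolver "$RESOLVER_DIR" "$@"
    if resolver_active "$1"; then
        echo "resolver for $1 is active:"
        scutil --dns | grep -E -A4 "domain +: +${1}\$"
    else
        echo "resolver for $1 not visible yet; try: sudo killall -HUP mDNSResponder" >&2
        exit 1
    fi
fi
```

The generation and install steps are plain POSIX sh and work anywhere; resolver_active and lookup only mean something on macOS, because scutil and dscacheutil are the tools that read the live system resolver configuration rather than /etc/resolv.conf.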
