Possibly when using the route update mechanism. In my case, I needed to organize routing into a VPN tunnel for several subnets, and also use NAT to ensure that the user's IP was replaced with the client's VPN IP. I created an alias "subnets" and added it to the NAT firewall rules, and when connecting to the VPN, a script is executed:
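#!/bin/bash
# $1: name of the VPN interface that has just come up
vpnIf="$1"
defIf="bridge1"
# Proceed only if the routing table already has an entry for the VPN interface
if [[ $(netstat -rn -f inet | grep -E "^.*$vpnIf" | wc -l) -ge 1 ]]; then
    # Read the networks from the pf table behind the "subnets" alias
    VPN_NET=$(pfctl -t subnets -T show)
    for ITEM in $VPN_NET
    do
        route add -net "$ITEM" -interface "$vpnIf"
    done
    # Point the default route at the default interface
    route change -net 0.0.0.0/0 -interface "$defIf"
fi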
VPN_NET=$(pfctl -t subnets -T show)
allows you to pass the contents of the "subnets" alias to the script
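
The script above hands every entry of the "subnets" table to `route add` as root, so the entries can be checked before they are used. The following is an added example, not part of the original post: it validates `pfctl -t subnets -T show` output and prints the route commands as a dry run. The function names, the interface name `ovpnc1`, the sample table and the choice of `-host` for bare addresses are assumptions.

```sh
#!/bin/sh
# Added example (not from the post). Function names and sample data are constructed.
is_ipv4() {   # returns 0 if $1 is a dotted quad with octets 0-255
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

route_args() {   # prints "-net a.b.c.d/len" or "-host a.b.c.d"; returns 1 if rejected
    case "$1" in
        */*) addr=${1%/*}; len=${1##*/}
             case "$len" in ""|*[!0-9]*|???*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1
             is_ipv4 "$addr" || return 1
             echo "-net $addr/$len" ;;
        *)   is_ipv4 "$1" || return 1   # assumption: a bare address is a single host
             echo "-host $1" ;;
    esac
}

plan_routes() {   # stdin: `pfctl -t <table> -T show` output; $1: interface name
    case "$1" in ""|*[!A-Za-z0-9_.]*) echo "bad interface: $1" >&2; return 2 ;; esac
    while read -r entry rest; do
        [ -n "$entry" ] || continue
        if args=$(route_args "$entry"); then
            echo "route add $args -interface $1"   # dry run: print, do not execute
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

sample_table() {   # constructed stand-in for `pfctl -t subnets -T show`
cat <<'EOF'
   10.10.0.0/16
   192.168.50.7
   172.16.300.0/24
   fd00:1::/64
   10.0.0.0/33
EOF
}

sample_table | plan_routes ovpnc1
```

On the firewall itself the input would come from `pfctl -t subnets -T show | plan_routes "$vpnIf"`, and the printed commands can be reviewed before being run.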