I have a Virtual Private Network (VPN) set up so that I can connect to my home network and use things such as my Synology file server when I’m not at home. This works most of the time, when the IP address network of the local network (e.g., a Wi-Fi hotspot) doesn’t conflict with my home’s IP address network (10.x.y.0/24). However, I have come across some Wi-Fi hotspots which use a subnet of 10.0.0.0/8. The default route through the hotspot network is then used when I try to access my home resources, instead of going through the VPN.
For example, if I try to get the route to my home file server, I get the following result:
$ route get 10.x.y.2
   route to: diskstation.home
destination: diskstation.home
  interface: en1
      flags: <UP,HOST,DONE,LLINFO,WASCLONED,IFSCOPE,IFREF>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500      1151
The interface that is used is en1, which is the Wi-Fi network on Macs. But we want it to be routed through the VPN connection.
Solution 1 – Add additional network route
In the case where the local subnet and remote subnet aren’t directly conflicting (e.g., your local network is using 10.a.b.0 mostly, and your remote network is using 10.x.y.0) a custom route can be added for the remote network. First, find the network interface of the VPN connection in ifconfig (in my particular case it’s ppp0). Then run the following:
$ sudo route add -net 10.x.y.0/24 -interface ppp0
add net 10.x.y.0: gateway ppp0
Then checking the route to the file server again shows it being routed through the proper interface:
$ route get 10.x.y.20
   route to: diskstation.home
destination: 10.x.y.0
       mask: 255.255.255.0
  interface: ppp0
      flags: <UP,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1280         0
This method allows access to all of your home/remote network resources with one additional route.
To remove the route after you’re done, run the following:
$ sudo route delete -net 10.x.y.0/24 -interface ppp0
delete net 10.x.y.0: gateway ppp0
Solution 2 – Add additional host route
In the case where the local and remote networks are using the same subnet (e.g., 10.x.y.0), it will likely be necessary to add a route for each particular resource you need to access, instead of routing the entire subnet at once.
The command to add a route for a host:
$ sudo route add -host 10.x.y.2 -interface ppp0
add host 10.x.y.2: gateway ppp0
The command to delete the route:
$ sudo route delete -host 10.x.y.2 -interface ppp0
delete host 10.x.y.2: gateway ppp0
To list all the routes currently active on the system:
$ netstat -nr
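To decide between Solution 1 and Solution 2 before touching the routing table, the following added example (not part of the original post) compares the hotspot's subnet with the home subnet and prints the matching route commands without running them. The function names and the 10.8.3.x addresses are constructed for illustration, and it generalizes the post slightly: a local subnet that is more specific than the home subnet also gets host routes, because the longest prefix wins.

```shell
#!/bin/sh
# Dry run: prints the route commands from Solution 1 / Solution 2, runs nothing.

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Network address (integer) of CIDR $1, e.g. 10.8.3.7/24 -> 10.8.3.0.
net_of() {
    bits=${1#*/}
    addr=$(ip_to_int "${1%/*}")
    echo $(( addr & (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
}

# route_kind LOCAL_CIDR REMOTE_CIDR -> none | net | host
route_kind() {
    lbits=${1#*/}; rbits=${2#*/}
    short=$lbits
    if [ "$rbits" -lt "$short" ]; then short=$rbits; fi
    # Two prefixes overlap when they agree under the shorter mask.
    if [ "$(net_of "${1%/*}/$short")" -ne "$(net_of "${2%/*}/$short")" ]; then
        echo none   # no conflict
    elif [ "$rbits" -gt "$lbits" ]; then
        echo net    # remote prefix is longer, so a -net route wins (Solution 1)
    else
        echo host   # same subnet, or local is more specific (Solution 2)
    fi
}

# route_plan LOCAL_CIDR REMOTE_CIDR VPN_IF [HOST...]
route_plan() {
    p_local=$1; p_remote=$2; p_if=$3; shift 3
    case $(route_kind "$p_local" "$p_remote") in
        none) echo "# no overlap: no extra route needed" ;;
        net)  echo "sudo route add -net $p_remote -interface $p_if" ;;
        host) for h in "$@"; do
                  echo "sudo route add -host $h -interface $p_if"
              done ;;
    esac
}

# Constructed sample values: hotspot 10.0.0.0/8, home 10.8.3.0/24.
route_plan 10.0.0.0/8 10.8.3.0/24 ppp0 10.8.3.2
route_plan 10.8.3.0/24 10.8.3.0/24 ppp0 10.8.3.2 10.8.3.20
```

Until the route is in place, connections to a home address on a conflicting hotspot go to whatever hotspot device holds that address, so confirm the interface with route get before sending credentials.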