Can't route specified site traffic to direct WiFi connection, to avoid VPN
macOS Catalina 10.15.2
WiFi on en0 (MAC xx:xx:xx:xx:85:80)
VPN — Wireguard CLI (utun2)
I have a permanent VPN connection and all traffic is going through it. But I need to route traffic for music.yandex.ru (213.180.204.186) to the Wi-Fi connection.
I used the command route add -host music.yandex.ru -interface en0 to do it. The resulting routing table (netstat -nr) is below:
Destination Gateway Flags Netif Expire
0/1 utun2 USc utun2
default 192.168.43.63 UGSc en0
10.217.47.164 10.217.47.164 UH utun2
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
128.0/1 utun2 USc utun2
169.254 link#5 UCS en0 !
190.2.141.162 192.168.43.63 UGHS en0
192.168.43 link#5 UCS en0 !
192.168.43.42/32 link#5 UCS en0 !
192.168.43.63/32 link#5 UCS en0 !
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1197
213.180.204.186 xx:xx:xx:xx:85:80 UHLS en0
224.0.0/4 link#5 UmCS en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
255.255.255.255/32 link#5 UCS en0 !
But after adding the route for music.yandex.ru it becomes unreachable. I don't get any ping returns.
Then, I used direct forwarding to my gateway IP with route add -host music.yandex.ru 192.168.43.63:
Internet:
Destination Gateway Flags Netif Expire
0/1 utun2 USc utun2
default 192.168.43.63 UGSc en0
10.217.47.164 10.217.47.164 UH utun2
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
128.0/1 utun2 USc utun2
169.254 link#5 UCS en0 !
190.2.141.162 192.168.43.63 UGHS en0
192.168.43 link#5 UCS en0 !
192.168.43.42/32 link#5 UCS en0 !
192.168.43.63/32 link#5 UCS en0 !
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1200
213.180.204.186 192.168.43.63 UGHS en0
224.0.0/4 link#5 UmCS en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
255.255.255.255/32 link#5 UCS en0 !
And everything works as I want. But I need to use the network interface instead of the gateway IP, because it usually changes from time to time.
How can I set proper redirection?
Your usage of the -interface option is faulty. As route's man page (man route) describes:
If the destination is directly reachable via an interface requiring no
intermediary system to act as a gateway, the -interface modifier should
be specified; the gateway given is the address of this host on the common
network, indicating the interface to be used for transmission.
The host music.yandex.ru (213.180.204.186) is not a destination directly reachable via en0. It requires at least one intermediary system (your Wi-Fi router) to reach this host.
Compare this with your router:
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1200
The router's Wi-Fi interface is "directly connected" to your Mac's Wi-Fi interface. 0:a:f5:12:f9:98 is your router's MAC address (some Airgo/Qualcomm device).
Additional background: The MAC address is an address of a node on the data link layer (layer 2). Layer 2 has no routing capability. Routing is done on the network layer (layer 3) - nodes of the network layer have IP addresses!
If your VPN app doesn't provide the feature to route single IP addresses to the system's default gateway (the IP address of your Wi-Fi router), you indeed have to create static routes.
To deal with changing networks (and thus changing default gateways) simply create different locations in System Preferences > Network > Location.
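The answer above says the host route has to point at the Wi-Fi router's IP (a gateway route, flags UGHS on en0), and the question's problem is that this IP changes between networks. As an added example that is neither the asker's nor the answerer's code, the script below reads the current default gateway for a given interface out of `netstat -nr` output and builds the `route add -host ... <gateway>` command from it, so the same command works after the router address changes. The sample `netstat` table is constructed from the question's second routing table; the interface name en0 and the host 213.180.204.186 are taken from the question, and the function names are my own. Note that whatever is pinned this way leaves the machine on en0 and is no longer carried inside the WireGuard tunnel, which is exactly the intended effect for this one host but worth checking with `netstat -nr` after applying it.

```shell
#!/bin/sh
# Added example (not from the original question or answer): derive the
# current default gateway on the Wi-Fi interface from `netstat -nr` output
# and build the host route that bypasses the VPN for a single destination.

# Constructed sample: a subset of the question's second routing table.
# On a real Mac use the live output: "$(netstat -nr -f inet)".
SAMPLE_NETSTAT='Destination        Gateway            Flags        Netif Expire
0/1                utun2              USc          utun2
default            192.168.43.63      UGSc         en0
128.0/1            utun2              USc          utun2
213.180.204.186    192.168.43.63      UGHS         en0'

# default_gateway_for IFACE NETSTAT_OUTPUT
# Prints the Gateway column of the "default" route whose Netif is IFACE.
# The VPN's 0/1 and 128.0/1 routes are not "default" destinations, so they
# are skipped and the Wi-Fi router's address is what comes back.
default_gateway_for() {
    printf '%s\n' "$2" | awk -v ifc="$1" '$1 == "default" && $4 == ifc { print $2; exit }'
}

# bypass_route_cmd HOST IFACE NETSTAT_OUTPUT
# Prints the route command that pins HOST to IFACE's default gateway.
# Prints nothing and returns 1 when IFACE has no default route (e.g. Wi-Fi
# is down), so a caller never ends up adding a route with an empty gateway.
bypass_route_cmd() {
    gw=$(default_gateway_for "$2" "$3")
    [ -n "$gw" ] || return 1
    printf 'route add -host %s %s\n' "$1" "$gw"
}

# Stand-alone demonstration against the constructed table; prints
# "route add -host 213.180.204.186 192.168.43.63".
bypass_route_cmd 213.180.204.186 en0 "$SAMPLE_NETSTAT"

# To apply it on macOS (needs root), use the live table instead:
# sudo $(bypass_route_cmd 213.180.204.186 en0 "$(netstat -nr -f inet)")
```

Re-running the command after joining a different network recomputes the gateway, which is the piece the asker was missing; the `-interface` form cannot replace it because, as the man page quoted above says, that form is only for hosts on the directly attached link.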