How to only route office traffic over the VPN while having default route for other traffic?
I have a VPN to my office and would like to route only office traffic over the VPN while maintaining my default route for other traffic.
I have attempted the following:
sudo route delete default
sudo route add default 192.168.1.254
sudo route add 172.0.0.0/8 172.26.7.79
Routing table after change:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGScI 1 0 en1
default 192.168.1.254 UGScI 4 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 898 lo0
162.119.232.200 192.168.1.254 UGHS 3 78 en0
169.254 link#7 UCS 1 0 en0
172.0/8 172.26.7.79 UGSc 3 0 utun0
172.26.7.79 172.26.7.79 UH 34 95 utun0
192.168.1 link#7 UCS 9 0 en0
192.168.1 link#4 UCSI 3 0 en1
192.168.1.202 127.0.0.1 UHS 0 48 lo0
192.168.1.203 127.0.0.1 UHS 0 2 lo0
192.168.15 link#10 UC 3 0 vmnet8
192.168.99 link#9 UC 2 0 vmnet1
When this happens, I can get to 172.0.0.0/8 but I can't get anywhere else.
If I add a default route back such as:
sudo route default 172.26.7.79
Then everything starts working again.
Starting Routing Table:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.26.7.79 UGSc 2 0 utun0
default 192.168.1.254 UGScI 0 0 en1
default 192.168.1.254 UGScI 3 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 898 lo0
162.119.232.200 192.168.1.254 UGHS 3 94 en0
169.254 link#7 UCS 1 0 en0
192.168.1 link#7 UCS 9 0 en0
192.168.1 link#4 UCSI 5 0 en1
192.168.1.202 127.0.0.1 UHS 0 48 lo0
192.168.1.203 127.0.0.1 UHS 0 2 lo0
192.168.15 link#10 UC 3 0 vmnet8
192.168.15.132 0:c:29:14:38:20 UHLWIi 0 152 vmnet8 1136
192.168.99 link#9 UC 2 0 vmnet1
Any ideas?
This is how you route specific traffic over an interface sudo route add google.com en1 (en1 is the interface).
In order to find the interface use ifconfigcommand, run the command before and after connecting VPN and determine on which interface the VPN is running.
A similar question has a detailed answer.
Use the -ifscope switch to remove the existing default gateways with the UGScI flags:
sudo route delete default delete global gateway (presumably assigned by VPN)
sudo route delete default -ifscope en0 delete en0 dedicated gateway
sudo route delete default -ifscope en1 delete en1 dedicated gateway
sudo route add default 192.168.1.254 create new (local) default gateway
sudo route add 172.0.0.0/8 172.26.7.79 create office traffic route