How to only route office traffic over the VPN while having default route for other traffic?

I have a VPN to my office and would like to route only office traffic over the VPN while maintaining my default route for other traffic.

I have attempted the following:

sudo route delete default
sudo route add default 192.168.1.254
sudo route add 172.0.0.0/8 172.26.7.79

Routing table after change:

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.254      UGScI           1        0     en1
default            192.168.1.254      UGScI           4        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              3      898     lo0
162.119.232.200    192.168.1.254      UGHS            3       78     en0
169.254            link#7             UCS             1        0     en0
172.0/8            172.26.7.79        UGSc            3        0   utun0
172.26.7.79        172.26.7.79        UH             34       95   utun0
192.168.1          link#7             UCS             9        0     en0
192.168.1          link#4             UCSI            3        0     en1
192.168.1.202      127.0.0.1          UHS             0       48     lo0
192.168.1.203      127.0.0.1          UHS             0        2     lo0
192.168.15         link#10            UC              3        0  vmnet8
192.168.99         link#9             UC              2        0  vmnet1

When this happens, I can get to 172.0.0.0/8 but I can't get anywhere else.

If I add a default route back such as:

sudo route default 172.26.7.79

Then everything starts working again.

Starting Routing Table:

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.26.7.79        UGSc            2        0   utun0
default            192.168.1.254      UGScI           0        0     en1
default            192.168.1.254      UGScI           3        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              3      898     lo0
162.119.232.200    192.168.1.254      UGHS            3       94     en0
169.254            link#7             UCS             1        0     en0
192.168.1          link#7             UCS             9        0     en0
192.168.1          link#4             UCSI            5        0     en1
192.168.1.202      127.0.0.1          UHS             0       48     lo0
192.168.1.203      127.0.0.1          UHS             0        2     lo0
192.168.15         link#10            UC              3        0  vmnet8
192.168.15.132     0:c:29:14:38:20    UHLWIi          0      152  vmnet8   1136
192.168.99         link#9             UC              2        0  vmnet1

Any ideas?


This is how you route specific traffic over an interface sudo route add google.com en1 (en1 is the interface).

In order to find the interface use ifconfigcommand, run the command before and after connecting VPN and determine on which interface the VPN is running.

A similar question has a detailed answer.


Use the -ifscope switch to remove the existing default gateways with the UGScI flags:

sudo route delete default delete global gateway (presumably assigned by VPN)

sudo route delete default -ifscope en0 delete en0 dedicated gateway

sudo route delete default -ifscope en1 delete en1 dedicated gateway

sudo route add default 192.168.1.254 create new (local) default gateway

sudo route add 172.0.0.0/8 172.26.7.79 create office traffic route