How to selectively route network traffic through VPN on Mac OS X Leopard?
I don't want to send all my network traffic down to VPN when I'm connected to my company's network (via VPN) from home. For example, when I'm working from home, I would like to be able to back up all my files to the Time Capsule at home and still be able to access the company's internal network.
I'm using Leopard's built-in VPN client. I've tried unchecking "Send all traffic over VPN connection." If I do that I will lose access to my company's internal websites be it via curl or the web browser (though internal IPs are still reachable). It'd be ideal if I can selectively choose a set of IPs or domains to be routed through VPN and keep the rest on my own network. Is this achievable with Leopard's built-in VPN client?
Solution 1:
Create the file /etc/ppp/ip-up with the following content:
#!/bin/sh
/sbin/route add <SUBNET> -interface $1
replacing <SUBNET> with the subnet you want to route through the VPN (e.g. 192.168.0.0/16).
Execute as root:
chmod 0755 /etc/ppp/ip-up
This file will be executed each time you connect to VPN.
The parameters given to the script:
- $1: The VPN interface (e.g. ppp0)
- $2: Unknown, was 0 in my case
- $3: IP of the VPN server
- $4: VPN gateway address
- $5: Regular (non-VPN) gateway for your LAN connections
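A fuller version of the ip-up script from Solution 1, as an added example that is not part of the original answer: it routes several subnets through the VPN and validates the interface name and each subnet before calling route, because pppd runs this file as root. The VPN_SUBNETS values are constructed samples; the function names, the ROUTE override and the assumption that the VPN interface is named pppN are illustrative.

```shell
#!/bin/sh
# /etc/ppp/ip-up -- pppd runs this as root each time the VPN link comes up.
# Constructed sample list: replace with the subnets that should use the VPN.
VPN_SUBNETS="192.168.0.0/16 10.0.0.0/8"
ROUTE=${ROUTE:-/sbin/route}   # overridable (e.g. ROUTE=echo) for a dry run

# Accept only names like ppp0 (assumption: the VPN client creates pppN).
is_ppp_if() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only a.b.c.d/len with every octet <= 255 and len <= 32.
is_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*|*/*.*|*..*|.*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; bits=${1#*/}
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# add_routes IFACE SUBNET...: send each valid subnet through IFACE.
add_routes() {
    iface=$1; shift
    is_ppp_if "$iface" || { echo "unexpected interface: $iface" >&2; return 1; }
    for net in "$@"; do
        if is_cidr "$net"; then
            "$ROUTE" add "$net" -interface "$iface"
        else
            echo "skipping invalid subnet: $net" >&2
        fi
    done
}

# pppd passes the interface as $1; with no argument nothing is changed.
if [ -n "${1:-}" ]; then
    add_routes "$1" $VPN_SUBNETS
fi
```

Keep the file owned by root and not writable by other users (the chmod 0755 above), since anything in it runs with root privileges on every connect.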
Solution 2:
There is a hidden feature in Network Preferences on MacOS: you can sort interfaces.
Open System Preferences -> Network -> Click the gear (bottom left) -> Set Service Order...
It's critical that you have your network interfaces sorted into the order you want them to be used. If you want ALL non-LAN data to go to the VPN, put the VPN interface at the top. Sort like this:
- VPN
- Ethernet
- Airport
Not like this:
- Airport
- Ethernet
- VPN
This way, no need to check the following setting in Session Options: Send all traffic over VPN connection
✅ Tested on L2TP VPN connection