0

I have the following problem: I need to connect to a VPN and access specific resources (IP addresses). When I connect to the VPN, all network traffic goes through the VPN, but in fact I need only specific destinations to be accessed over the VPN and the rest of the traffic to go through the default route and avoid the VPN.

Here is the result of netstat -nr:

Before I connect to VPN:

Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.0.1        UGScI          19        0     en1

After I connect to VPN:

Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.1.1.1           UGSc          123     3744    jnc0
default            192.168.0.1        UGScI          19        0     en1

So as you can see, I have 2 default routes after the VPN is connected. All internet traffic goes through the first default route, which is undesirable behaviour.

Is there a way to set priority for the default route? So all traffic by default doesn't go through the VPN but only manually created routes redirect to the VPN, i.e. sudo route -n add 172.0.0.1 10.1.1.1

endryha
  • Talk with your VPN provider and ask them to enable split tunnelling. – EEAA Nov 30 '15 at 19:26
  • It seems it is enabled, because under Ubuntu I have a script which creates appropriate routes and sets priority to a custom split route table, but I am not sure how to do this on OS X. If interested, take a look at http://apple.stackexchange.com/questions/217700/how-to-set-up-routing-tables-on-os-x-to-redirect-vpn-traffic – endryha Nov 30 '15 at 19:32
  • Please provide details on the VPN server configuration. – EEAA Nov 30 '15 at 19:34
  • Are you using L2TP VPN configured in the OS X Network System Preferences? If so, have you verified that if you go to  > System Preferences > Network > select your VPN interface on the left pane > Advanced... > Options > deselect the "Send all traffic over VPN connection" option? – sardean Nov 30 '15 at 22:06
  • Duplicate of http://serverfault.com/questions/247135/force-juniper-network-client-to-use-split-routing – damolp Dec 02 '15 at 04:45
  • I am using the Juniper client to connect to the VPN network – endryha Dec 03 '15 at 09:05

1 Answer

0

Yes, you can delete the default route (for the VPN) and then set up new route(s) for only those networks/addresses that you want to get routed through the VPN. Use sudo route delete to delete routes.

apocalysque
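The procedure in the answer above, as an added example that is not part of the original post: a dry-run helper that reads `netstat -nr` output, finds the default route bound to the VPN interface, and prints the `route` commands to review before running them with sudo. The function names `split_tunnel_cmds` and `sample_netstat` are hypothetical; the interface `jnc0`, gateway `10.1.1.1` and destination `172.0.0.1` come from the question, and CIDR handling via `-net` goes beyond the single-host case shown there.

```shell
#!/bin/sh
# Added example (not from the original post). Prints commands only; runs nothing.
# Real use: netstat -nr | split_tunnel_cmds jnc0 172.0.0.1

# Routing table after connecting, copied from the question.
sample_netstat() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.1.1.1           UGSc          123     3744    jnc0
default            192.168.0.1        UGScI          19        0     en1
EOF
}

# split_tunnel_cmds VPN_IF DEST... : netstat -nr output is read from stdin.
split_tunnel_cmds() {
    vpn_if=$1; shift
    # Locate the Netif column from the header so other column layouts also parse,
    # then take the gateway of the default route on the VPN interface.
    vpn_gw=$(awk -v ifn="$vpn_if" '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        col && $1 == "default" && $col == ifn { print $2; exit }')
    if [ -z "$vpn_gw" ]; then
        echo "no default route found on $vpn_if" >&2
        return 1
    fi
    # Remove only the VPN default route; the en1 default route stays in place.
    echo "route -n delete default $vpn_gw"
    for dest in "$@"; do
        case $dest in
            *[!0-9./]*) echo "skipping invalid destination: $dest" >&2 ;;
            */*) echo "route -n add -net $dest $vpn_gw" ;;  # network in CIDR form
            *)   echo "route -n add $dest $vpn_gw" ;;       # single host
        esac
    done
}

# Stand-alone demonstration on the sample table.
sample_netstat | split_tunnel_cmds jnc0 172.0.0.1
```
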