Unable to route local traffic around VPN on macOS 10.14

I have a VPN setup (Freedome by F-Secure) that routes all traffic through the VPN's utun1 interface. However, I want to exempt traffic to a local vboxnet1 interface running virtual machines through VirtualBox.

$ sudo netstat -nr | grep utun1

0/1                198.bb.cc.dd      UGSc           90        0   utun1
128.0/1            198.bb.cc.dd      UGSc           40        0   utun1

$ ifconfig vboxnet1

vboxnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 0a:00:27:00:00:01 
        inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255

I have set up the following route to route traffic for this subnet to the vboxnet1 interface:

$ sudo route add 192.168.99 -interface vboxnet1
$ sudo netstat -nr -f inet | grep vbox

192.168.99         link#20            UC              2        0 vboxnet      !
192.168.99.100     8:0:27:7b:8a:9a    UHLWI           0       10 vboxnet    856

Inspecting the route using route get gives two results (not sure why it sometimes differs without having changed anything):

$ route get 192.168.99.100

   route to: 192.168.99.100
destination: 192.168.99.0
       mask: 255.255.255.0
  interface: vboxnet1
      flags: <UP,DONE,CLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500     -4494 

and sometimes:

   route to: 192.168.99.100
destination: 192.168.99.100
  interface: vboxnet1
      flags: <UP,HOST,DONE,LLINFO,WASCLONED,IFSCOPE,IFREF>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500     -4588 

Inspecting the ARP cache looks fine as well:

$ sudo arp -a | grep vboxnet1
? (192.168.0.99) at a:0:27:0:0:1 on vboxnet1 permanent [ethernet]
? (192.168.99.1) at a:0:27:0:0:1 on vboxnet1 ifscope permanent [ethernet]
? (192.168.99.100) at (incomplete) on vboxnet1 ifscope [ethernet]

However, pinging the virtual machine address 192.168.99.100 gives no result:

$ ping 192.168.99.100

PING 192.168.99.100 (192.168.99.100): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
^C
--- 192.168.99.100 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

Once I disconnect from the VPN, ping works:

$ ping 192.168.99.100

PING 192.168.99.100 (192.168.99.100): 56 data bytes
64 bytes from 192.168.99.100: icmp_seq=0 ttl=64 time=0.342 ms
64 bytes from 192.168.99.100: icmp_seq=1 ttl=64 time=0.334 ms
64 bytes from 192.168.99.100: icmp_seq=2 ttl=64 time=0.352 ms
64 bytes from 192.168.99.100: icmp_seq=3 ttl=64 time=0.332 ms
64 bytes from 192.168.99.100: icmp_seq=4 ttl=64 time=0.244 ms
^C
--- 192.168.99.100 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.244/0.321/0.352/0.039 ms

Have I missed something for why this would not be working?

Hans Kristian

Posted 2019-07-26T12:07:17.627

Reputation: 101

No answers
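
Added example, not part of the original post: a longest-prefix-match lookup over the four netstat route lines quoted in the question, to check which interface the table itself selects for a given address. The function names are hypothetical, and the rule that a destination without an explicit prefix length gets 8 bits per octet shown is an assumption, chosen because it agrees with the 255.255.255.0 mask that route get reports for 192.168.99.

```python
import ipaddress

# Route lines copied from the netstat output in the question.
# Columns: Destination Gateway Flags Refs Use Netif [Expire]
NETSTAT_LINES = """\
0/1                198.bb.cc.dd      UGSc           90        0   utun1
128.0/1            198.bb.cc.dd      UGSc           40        0   utun1
192.168.99         link#20            UC              2        0 vboxnet      !
192.168.99.100     8:0:27:7b:8a:9a    UHLWI           0       10 vboxnet    856
"""


def expand_destination(dest):
    """Expand netstat's abbreviated destination (e.g. '0/1') to a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: no explicit length means 8 bits per octet shown.
        plen = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))  # restore the dropped zero octets
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}")


def parse_routes(text):
    """Parse netstat -nr route lines into dicts; skip anything too short."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        routes.append({"net": expand_destination(fields[0]),
                       "gateway": fields[1],
                       "flags": fields[2],
                       "netif": fields[5]})
    return routes


def lookup(routes, target):
    """Return the most specific route covering target, or None."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_routes(NETSTAT_LINES)
    for addr in ("192.168.99.100", "192.168.99.50", "8.8.8.8"):
        best = lookup(table, addr)
        print(addr, "->", best["net"], "via", best["netif"])
```

For 192.168.99.100 the host entry and the /24 both outrank the two /1 routes on utun1, so the table lines shown select vboxnet, the same interface route get reports.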