Atais Atais - 5 months ago 18
Linux Question

Route only certain IP range with VPN connection

We are using

to connect to one of our client's VPN. Unfortunately,
is routing all the traffic over VPN as default.

We have found a way around it, for Linux. After connecting with VPN we run:

sudo route del default ppp0
sudo route add -net netmask dev ppp0

And now, only the addresses starting with
are resolved over VPN connection.

Now, I am using FortiClient 5.4, Mac OS X 10.11.6, and I am trying to remake the above to work on Mac OS X. Basically I have problems even with the first step. I have tried:

sudo route delete -net default -ifp ppp0

But the routing still does not work as expected. Easy to test, because there is no Internet connection behind the VPN - I cannot browse/ping any website :-).

What am I doing wrong? Thanks for help!


I used this question to help me out and it turned out I needed one extra command.

Basically the working solution for Mac OS X 10.11.6 goes as follows:

sudo route delete -net default -interface ppp0
sudo route add -net -interface en0
sudo route add -net -netmask -interface ppp0

Which basically means:

  1. Delete default route on interface ppp0 which was set by FortiClient
  2. Add default route for every IP on your default interface (for me en0)
  3. Route the specific IP range through ppp0 (FortiClient) interface.

Linux equivalent, as mentioned in the question, is:

sudo route del default ppp0
sudo route add -net netmask dev ppp0

So you actually skip the step #2.

Not that hard in the end.
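
An added example, not part of the original question or answer: a small check that reads `netstat -rn` output and confirms the three steps above left a working split tunnel. The function names, the `192.0.2` placeholder range and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that `netstat -rn` output (stdin) is a split tunnel.

# Print "destination interface" per route. The header row names the
# interface column: "Netif" on macOS, "Iface" on Linux.
route_pairs() {
    awk '
        $1 == "Destination" {
            col = 0
            for (i = 1; i <= NF; i++)
                if ($i == "Netif" || $i == "Iface") col = i
            next
        }
        col && NF >= col { print $1, $col }
    '
}

# check_split_tunnel VPN_IF VPN_DEST < table
# VPN_DEST: the VPN network exactly as the table prints it.
# Returns 0 if OK, 1 if a default route still uses VPN_IF, 2 if no other
# interface has a default route, 3 if VPN_DEST is not routed via VPN_IF.
check_split_tunnel() {
    vpn_if=$1; vpn_dest=$2
    pairs=$(route_pairs)
    vpn_default=0; other_default=0; vpn_net=0
    while read -r dest ifc; do
        if [ "$dest" = default ] || [ "$dest" = 0.0.0.0 ]; then
            if [ "$ifc" = "$vpn_if" ]; then vpn_default=1; else other_default=1; fi
        elif [ "$dest" = "$vpn_dest" ] && [ "$ifc" = "$vpn_if" ]; then
            vpn_net=1
        fi
    done <<EOF
$pairs
EOF
    if [ "$vpn_default" -eq 1 ]; then return 1; fi
    if [ "$other_default" -eq 0 ]; then return 2; fi
    if [ "$vpn_net" -eq 0 ]; then return 3; fi
    return 0
}

# Constructed sample (macOS layout); 192.0.2.0/24 is a placeholder range.
sample_table() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           10        0     en0
192.0.2            ppp0               USc             0        0    ppp0
192.168.1          link#4             UCS             2        0     en0
EOF
}
```

Run it after connecting, for example `netstat -rn | check_split_tunnel ppp0 <network-as-printed>; echo $?`, so that a VPN client update which reinstates the default route on ppp0 is noticed.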