Atais - 2 months ago
Linux Question

Route only certain IP range with VPN connection

We are using FortiClient to connect to one of our client's VPN. Unfortunately, FortiClient routes all traffic over the VPN by default.

We have found a way around it, for Linux. After connecting with VPN we run:

sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0


And now only the addresses starting with 172.20.x.x are resolved over the VPN connection.

Now I am using FortiClient 5.4 on Mac OS X 10.11.6 and I am trying to make the above work on Mac OS X. Basically I have problems even with the first step. I have tried:

sudo route delete -net default -ifp ppp0


But the routing still does not work as expected. It is easy to test, because there is no Internet connection behind the VPN: I cannot browse/ping any website :-).

What am I doing wrong? Thanks for help!

Answer

I used this question to help me out and it turned out I needed one extra command.

Basically the working solution for Mac OS X 10.11.6 goes as follows:

sudo route delete -net default -interface ppp0
sudo route add -net 0.0.0.0 -interface en0
sudo route add -net 172.20.0.0 -netmask 255.255.0.0 -interface ppp0

Which basically means:

  1. Delete default route on interface ppp0 which was set by FortiClient
  2. Add default route for every IP on your default interface (for me en0)
  3. Route the specific IP range through ppp0 (FortiClient) interface.

Linux equivalent, as mentioned in the question, is:

sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0

So you actually skip the step #2.

Not that hard in the end.
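The procedure from the answer, wrapped in a small POSIX shell script as an added example (this is not code from the original post or from FortiClient). It builds the per-OS command list from the answer (macOS: delete the ppp0 default, restore a default via en0, add 172.20.0.0/16 via ppp0; Linux: the two commands from the question), and after applying them it verifies the result both ways: an address inside the client's range must resolve to ppp0, and an address outside it must resolve to the local interface, since after this change everything outside 172.20.0.0/16 leaves the machine unencrypted over en0. The helper names (split_tunnel_cmds, check_via, verify_route), the explicit OS argument, and the use of 1.1.1.1 as an arbitrary public test address are this example's own assumptions; the interface names and the 172.20.0.0/16 range come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Split-tunnel the FortiClient
# ppp0 route so that only 172.20.0.0/16 goes over the VPN.
# Usage:  sh split_tunnel.sh run macos ppp0 en0
#         sh split_tunnel.sh run linux ppp0 eth0
# Without "run" nothing is executed; the functions are only defined.

# Print (do not run) the routing commands for the given OS.
# Usage: split_tunnel_cmds <macos|linux> <vpn_if> <lan_if> <net> <mask>
split_tunnel_cmds() {
    os=$1; vpn_if=$2; lan_if=$3; net=$4; mask=$5
    case "$os" in
        macos)
            # 1. drop the default route FortiClient put on the VPN interface
            echo "route delete -net default -interface $vpn_if"
            # 2. restore a default route via the normal LAN/Wi-Fi interface
            echo "route add -net 0.0.0.0 -interface $lan_if"
            # 3. send only the client's range through the VPN
            echo "route add -net $net -netmask $mask -interface $vpn_if"
            ;;
        linux)
            # Per the answer, the previous default route is still present on
            # Linux once the ppp0 one is removed, so step 2 is skipped.
            echo "route del default $vpn_if"
            echo "route add -net $net netmask $mask dev $vpn_if"
            ;;
        *)
            echo "unsupported OS: $os" >&2
            return 1
            ;;
    esac
}

# Read a route-lookup result on stdin and succeed only if it names the
# expected interface. Accepts macOS "route -n get" output
# ("   interface: ppp0") and Linux "ip route get" output
# ("172.20.1.1 dev ppp0 src 10.0.0.2 ...").
check_via() {
    iface=$1
    grep -Eq "(interface: |dev )$iface( |\$)"
}

# Look up how the kernel would route <addr> and check the interface.
# Usage: verify_route <macos|linux> <addr> <expected_iface>
verify_route() {
    os=$1; addr=$2; iface=$3
    case "$os" in
        macos) route -n get "$addr" 2>/dev/null | check_via "$iface" ;;
        linux) ip route get "$addr" 2>/dev/null | check_via "$iface" ;;
        *) return 1 ;;
    esac
}

if [ "${1:-}" = "run" ]; then
    os=$2; vpn_if=$3; lan_if=$4
    # Apply the commands one by one; $cmd is deliberately unquoted so the
    # shell splits it into the route utility and its arguments.
    split_tunnel_cmds "$os" "$vpn_if" "$lan_if" 172.20.0.0 255.255.0.0 |
    while read -r cmd; do
        echo "+ $cmd"
        sudo $cmd
    done
    # Both checks should pass: VPN range via ppp0, everything else via LAN.
    if verify_route "$os" 172.20.0.1 "$vpn_if"; then
        echo "ok: 172.20.0.1 goes via $vpn_if"
    else
        echo "FAIL: 172.20.0.1 does not go via $vpn_if" >&2
    fi
    # 1.1.1.1 is just an arbitrary public address outside the VPN range.
    if verify_route "$os" 1.1.1.1 "$lan_if"; then
        echo "ok: 1.1.1.1 goes via $lan_if"
    else
        echo "FAIL: 1.1.1.1 does not go via $lan_if" >&2
    fi
fi
```

Run it once after FortiClient has connected; if FortiClient re-adds its default route on reconnect, the script simply has to be run again. The verification step matters more than the route commands themselves: a typo in the netmask silently sends the client's hosts out over en0 instead of the tunnel, and only the `route get` / `ip route get` check catches that.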