How to selectively route network traffic through VPN on Mac OS X Leopard?

Question

I don't want to send all my network traffic down to VPN when I'm connected to my company's network (via VPN) from home. For example, when I'm working from home, I would like to be able to backup all my files to the Time Capsule at home and still be able to access the company's internal network.

I'm using Leopard's built-in VPN client. I've tried unchecking "Send all traffic over VPN connection."  If I do that I will lose access to my company's internal websites be it via curl or the web browser (though internal IPs are still reachable).  It'd be ideal if I can selectively choose a set of IPs or domains to be routed through VPN and keep the rest on my own network.  Is this achievable with Leopard's built-in VPN client?  If you have any software recommendations, I'd like to hear them as well.

Aleksei Balandin · Answer

Create the file /etc/ppp/ip-up with following content: #!/bin/sh /sbin/route add -interface $1 replacing with subnet, you want to route through VPN (for ex. 192.168.0.0/16) execute as root: chmod 0755 /etc/ppp/ip-up This file will be executed each time you connect to VPN. The parameters given to the script: $1: The VPN interface (e.g. ppp0) $2: Unknown, was 0 in my case $3: IP of the VPN server $4: VPN gateway address $5: Regular (non-vpn) gateway for your lan connections

user31513 · Answer

There is a hidden feature in Network Preferences on MacOS: you can sort interfaces.

Open System Preferences -> Network -> Click the gear bottom left -> Set service Order...

It's critical that you have your network interfaces sorted into the order you want them to be used. If you want ALL non-LAN data to go to the VPN, put the VPN interface at the top. Sort like this

VPN
Ethernet
Airport

Not like this:

Airport
Ethernet
VPN

This way, no need to check the following setting in Session Options:

Send all traffic over VPN connection

✅ Tested on L2TP VPN connection

Martin Hilton · Answer

I wanted to do a similar thing. Connect the VPN and then route an additional network via that VPN. I ended up with the following bit of Applescript:

-- Connect Work VPN

tell application "System Events"
    tell network preferences
        tell current location
            tell service "Work"
                connect
                tell current configuration
                    repeat until get connected = true
                        delay 1
                    end repeat
                end tell
            end tell
        end tell
    end tell
end tell

set gateway to "192.168.1.1"

do shell script "route add 172.16.0.0/16 " & gateway with administrator privileges

You need to change "Work" to the name of your VPN connection, 192.168.1.1 to your gateway address, and 172.16.0.0/16 to the address of the network to which you wish to route. Additional networks can be added by repeating the final line with different addresses.

Alexis Hirst · Answer

I have had a look online to see if I can find anything, and as far as I can understand you seem to want to be able to use your computer like normal, while also being able to connect to internal company websites, so, you may need to set up a custom routing table.
This link apparently only applies to 10.4, but the command line stuff may still work.

How to selectively route network traffic through VPN on Mac OS X Leopard?

4 Answers

Add your own answers!

Ask a Question