OSX VPN Not Routing Intranet Traffic

Mostly so I can find this again if I need it

I was sitting in the waiting room at the local auto shop waiting for them to finish up looking at my brakes and tried to connect our corporate VPN so I could look into some error emails I was getting.

Unfortunately I was unable to git pull the latest version of the code in question. I was getting an error about being unable to ssh to the git server.

That’s odd, usually if the VPN connects OK, I have no problems accessing the internal resources. Using ping to check the connection, I noticed that the internal traffic was not being routed over the VPN and the connection was being dropped by the local WIFI’s router.

It turns out that both my VPN and the WIFI connection I was using are configured to use 10.*.*.* IP addresses. So when I tried to ping 10.24.1.1, the internal IP of the git server, OSX was routing the data to the local WIFI instead of out over the VPN.

If only I could configure the network stack to send traffic to 10.24.*.* through the VPN!

Routing tables to the rescue.

Just have to whip open a Terminal and do the following:

$ sudo route add -net 10.24 -interface ppp0
add net 10.24: gateway ppp0

This adds a route such that any destination IP matching 10.24.*.* is sent out through the ppp0 interface (the VPN). 1

To remove it later, just use the route delete command:

$ sudo route delete -net 10.24
delete net 10.24

You can also use netstat to view the table if you forget what you’ve configured.

$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire

...

10.24/16           ppp0               USc            10        0    ppp0

...

Thanks to Marcus Wilhelmsson for his post pointing me in the right direction. He also gives a tip for configuring the VPN system to automatically re-add your routes everytime you connect.


  1. 1.You can see the existing interfaces with the ifconfig command