Atais

Reputation: 11275

Route only certain IP range with VPN connection

We are using FortiClient to connect to one of our client's VPN. Unfortunately, FortiClient is routing all the traffic over VPN by default.

We have found a way around it, for Linux. After connecting with VPN we run:

sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0

And now, only the addresses starting with 172.20.x.x are resolved over VPN connection.

Now, I am using FortiClient 5.4 on Mac OS X 10.11.6 and I am trying to remake the above to work on Mac OS X. Basically I have problems even with the first step. I have tried:

sudo route delete -net default -ifp ppp0

But the routing still does not work as expected. Easy to test, because there is no Internet connection behind the VPN - I cannot browse/ping any website :-).

What am I doing wrong? Thanks for help!

Upvotes: 4

Views: 6678

Answers (2)

EsmaeelE

Reputation: 2658

Besides Atais's first answer, here is the solution for the new ip command.

sudo ip r del default

# second address is Gateway
sudo ip r add 192.168.5.0/24 via 192.168.138.224

The first one will remove the default route, which is set to my ppp0 VPN connection, and then the second one adds a route only for the specific IP range to the company gateway.

Upvotes: 0

Atais

Reputation: 11275

I used this question to help me out and it turned out I needed one extra command.

Basically the working solution for Mac OS X 10.11.6 goes as follows:

sudo route delete -net default -interface ppp0
sudo route add -net 0.0.0.0 -interface en0
sudo route add -net 172.20.0.0 -netmask 255.255.0.0 -interface ppp0

Which basically means:

  1. Delete default route on interface ppp0 which was set by FortiClient
  2. Add default route for every IP on your default interface (for me en0)
  3. Route the specific IP range through ppp0 (FortiClient) interface.

Linux equivalent, as mentioned in the question, is:

sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0

So you actually skip step #2.

Not that hard in the end.

Upvotes: 8
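
After changing routes this way, it helps to confirm which traffic actually leaves through the tunnel. The following is an added example, not part of the original answers: a shell function that audits Linux `ip route show` output for the split-tunnel layout described above. The `eth0` interface, the 192.168.1.x addresses and both sample tables are constructed.

```shell
#!/bin/sh
# Added example: audit a Linux routing table after the split-tunnel commands.

# check_split_tunnel VPN_IF VPN_NET   (reads `ip route show` output on stdin)
# Exit status 0 only when:
#   - no default route leaves through VPN_IF,
#   - a default route exists on some other interface (Internet still reachable),
#   - VPN_NET is routed through VPN_IF.
check_split_tunnel() {
    awk -v vif="$1" -v vnet="$2" '
        {   # find the outgoing interface named after the "dev" keyword
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" && dev == vif              { vpn_default = 1 }
        $1 == "default" && dev != vif && dev != "" { other_default = 1 }
        $1 == vnet && dev == vif                   { vpn_route = 1 }
        END {
            rc = 0
            if (vpn_default)    { print "FAIL: default route still uses " vif; rc = 1 }
            if (!other_default) { print "FAIL: no default route outside " vif; rc = 1 }
            if (!vpn_route)     { print "FAIL: " vnet " is not routed via " vif; rc = 1 }
            if (rc == 0) print "OK: only " vnet " goes through " vif
            exit rc
        }'
}

# Constructed sample: table right after the VPN client connects.
before='default dev ppp0 scope link
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Constructed sample: table after the two route commands from the question.
after='default via 192.168.1.1 dev eth0 proto dhcp metric 100
172.20.0.0/16 dev ppp0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

printf '%s\n' "$before" | check_split_tunnel ppp0 172.20.0.0/16 || true
printf '%s\n' "$after"  | check_split_tunnel ppp0 172.20.0.0/16
```

On a live Linux host, pipe the real table in: `ip route show | check_split_tunnel ppp0 172.20.0.0/16`.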
