macOS Catalina 10.15.2
WiFi on en0 (MAC xx:xx:xx:xx:85:80)
VPN — Wireguard CLI (utun2)
I have a permanent VPN connection and all traffic is going through it. But I need to route traffic for music.yandex.ru (213.180.204.186) to the Wi-Fi connection.
I used the command route add -host music.yandex.ru -interface en0 to do it. The resulting routing table (netstat -nr) is below:
Destination Gateway Flags Netif Expire
0/1 utun2 USc utun2
default 192.168.43.63 UGSc en0
10.217.47.164 10.217.47.164 UH utun2
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
128.0/1 utun2 USc utun2
169.254 link#5 UCS en0 !
190.2.141.162 192.168.43.63 UGHS en0
192.168.43 link#5 UCS en0 !
192.168.43.42/32 link#5 UCS en0 !
192.168.43.63/32 link#5 UCS en0 !
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1197
213.180.204.186 xx:xx:xx:xx:85:80 UHLS en0
224.0.0/4 link#5 UmCS en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
255.255.255.255/32 link#5 UCS en0 !
But after adding the route for music.yandex.ru it becomes unreachable. I don't get any ping returns.
Then I used a direct forward to my gateway IP with route add -host music.yandex.ru 192.168.43.63
Internet:
Destination Gateway Flags Netif Expire
0/1 utun2 USc utun2
default 192.168.43.63 UGSc en0
10.217.47.164 10.217.47.164 UH utun2
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
128.0/1 utun2 USc utun2
169.254 link#5 UCS en0 !
190.2.141.162 192.168.43.63 UGHS en0
192.168.43 link#5 UCS en0 !
192.168.43.42/32 link#5 UCS en0 !
192.168.43.63/32 link#5 UCS en0 !
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1200
213.180.204.186 192.168.43.63 UGHS en0
224.0.0/4 link#5 UmCS en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
255.255.255.255/32 link#5 UCS en0 !
And everything works as I want. But I need to use the network interface instead of the gateway IP, because it usually changes from time to time.
How can I set proper redirection?
Best Answer
Your usage of the -interface option is faulty. As the router's man page (man router) describes:
The host music.yandex.ru (213.180.204.186) is no destination directly reachable via en0. It requires at least one intermediary system (your Wi-Fi router) to reach this host.
Compare this with your router:
The router's Wi-Fi interface is "directly connected" to your Mac's Wi-Fi interface. 0:a:f5:12:f9:98 is your router's MAC-address (some Airgo/Qualcomm device).
Additional background: The MAC address is an address of a node on the data link layer (layer 2). Layer 2 has no routing capability. Routing is done on the network layer (layer 3) - nodes of the network layer have IP addresses!
If your VPN app doesn't provide the feature to route single IP-addresses to the system's default gateway (the IP address of your Wi-Fi router), you indeed have to create static routes.
To deal with changing networks (and thus changing default gateways) simply create different locations in System Preferences > Network > Location.
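An added example, not part of the original question or answer: a shell sketch that reads the current default gateway of en0 from the routing table and adds the host route through that IP, so the static route uses a layer-3 next hop without hard-coding it. The function name default_gw_for_if and the script name pin-route.sh are hypothetical, and the sample table is an excerpt constructed from the output in the question.

```shell
#!/bin/sh
# Added example, not from the original post. Function and script names are hypothetical.

# Constructed sample: excerpt of the `netstat -nr` table shown in the question.
SAMPLE_TABLE='Destination Gateway Flags Netif Expire
0/1 utun2 USc utun2
default 192.168.43.63 UGSc en0
128.0/1 utun2 USc utun2
192.168.43 link#5 UCS en0 !
192.168.43.63 0:a:f5:12:f9:98 UHLWIir en0 1197'

# Print the IPv4 next hop of the default route bound to interface $1.
# Reads a `netstat -nr -f inet` table on stdin. A row counts only if it has
# the G (gateway) flag and a dotted-quad gateway, so link-level entries
# (link#5, MAC addresses) are never taken for a layer-3 next hop.
default_gw_for_if() {
    awk -v ifc="$1" '
        $1 == "default" && $3 ~ /G/ && $4 == ifc &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Usage (as root): sh pin-route.sh --apply 213.180.204.186 en0
if [ "${1:-}" = "--apply" ]; then
    host=$2
    ifc=${3:-en0}
    gw=$(netstat -nr -f inet | default_gw_for_if "$ifc") || {
        echo "no default gateway found on $ifc" >&2
        exit 1
    }
    # Drop a stale host route (for example one left from the previous network),
    # then add the route through the gateway that is current right now.
    route delete -host "$host" >/dev/null 2>&1
    route add -host "$host" "$gw"
fi
```

The route has to be re-applied after every network change, because the host route keeps pointing at the gateway that was current when it was added.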