MacOS – Split tunneling In Mac OS X


I have a VPN application that creates a logical interface in OS X programmatically.
Once created, it is configured with a private IP and parameters, and the routing table is updated accordingly.

The initially present default gateway of the physical interface is deleted.
The default gateway of the logical interface is added programmatically.

After some time the Mac OS X system itself updates the routing table with the default gateway of the physical interface, and it looks like this:

Destination  Gateway     Flags     Refs     use     Netif     Expire
--------------------------------------------------------------------
default      xxx.xx.x.x     UGSc     1        0        en3   
default      yyy.yyy.y.y    UGScI    1        0        en1   
  • en3: logical interface created by application
  • en1: physical interface

According to the above routing entries, all the traffic is routed to the logical interface created by application. This is ok in normal scenarios.

Requirement:

I need to route only specific destination IPs through the logical interface.
All remaining traffic should be routed through the physical interface directly.

Issue faced:

Once the default route for the logical interface is added, all the traffic is routed through it. I have no control over it.
Even if the application is prevented from adding the route for the logical interface, the Mac OS X system updates the routing table and sets the default to the logical interface only.

Hence I am not able to achieve the requirement.

Best Answer

Almost all VPN clients and servers support split tunneling. This is nearly always something you need to set up server side and not client side.

If you control the server side, see Mac Pro: Splitting network traffic based on destination

If not, see Routing all traffic except a few IP-ranges through default gateway in Mountain Lion
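For the client-side case, the following added example (not code from the question, the answer, or any VPN product) shows the shape of the routing change the asker wants: the primary default route goes back to the physical gateway and only the listed prefixes are pinned to the logical interface, followed by a check against netstat output. The interface name en3 is taken from the question; the gateway 192.168.1.1 and the split prefixes are constructed placeholders and can be overridden through environment variables.

```sh
#!/bin/sh
# Added example (not from the original question or answer): build the macOS
# `route` commands that keep the physical interface as default gateway and
# pin only selected prefixes to the VPN's logical interface, then verify the
# result from `netstat -rn` output. Gateway and prefixes are constructed
# placeholders; override them via environment variables.
# Commands are printed, not executed, unless APPLY=1 (needs root).

VPN_IF="${VPN_IF:-en3}"             # logical interface created by the VPN app
PHYS_GW="${PHYS_GW:-192.168.1.1}"   # default gateway on the physical interface
# Destinations that must go through the tunnel (constructed examples).
SPLIT_NETS="${SPLIT_NETS:-10.20.0.0/16 172.16.5.0/24 198.51.100.7/32}"

# Succeed only for a well-formed IPv4 prefix a.b.c.d/n with 0 <= n <= 32.
valid_prefix() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the route changes: move the primary default route back to the
# physical gateway, then add one interface-bound route per split prefix.
split_tunnel_plan() {
    echo "route -n delete default"
    echo "route -n add default $PHYS_GW"
    for net in $SPLIT_NETS; do
        if valid_prefix "$net"; then
            echo "route -n add -net $net -interface $VPN_IF"
        else
            echo "skipping malformed prefix: $net" >&2
        fi
    done
}

# Read `netstat -rn -f inet` output on stdin and print the destinations
# that leave via the named interface, so you can confirm that after applying
# the plan only the split prefixes (and no default) use the tunnel.
destinations_via() {
    awk -v want="$1" '$1 != "Destination" {
        for (i = 2; i <= NF; i++) if ($i == want) { print $1; break }
    }'
}

if [ "${APPLY:-0}" = "1" ]; then
    split_tunnel_plan | while IFS= read -r cmd; do eval "$cmd"; done
    netstat -rn -f inet | destinations_via "$VPN_IF"
else
    split_tunnel_plan
fi
```

Whatever the VPN application re-adds later, `netstat -rn -f inet | destinations_via en3` should list only the split prefixes; a `default` entry appearing there means the tunnel has taken over all traffic again.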