Mac Route Command for VPN
Terminal Guide
Key Takeaways
The route command lets you manually add or remove network routes on macOS
You can bypass VPN for specific IPs or networks using route commands
Manual routes are temporary and IP-based—SplitTunnel provides persistent per-app routing
What Is the Route Command?
The route command is a Unix utility for managing the network routing table. On macOS, it's available via Terminal and lets you control where network packets are sent.
- Requires sudo (administrator privileges)
- Adds, deletes, or changes network routes
- Affects where packets are sent: through the VPN or direct
- Changes take effect immediately
Basic Route Command Syntax
# View current routing table
netstat -rn
# Add a route
sudo route add [-net|-host] <destination> <gateway>
# Delete a route
sudo route delete [-net|-host] <destination>
Viewing Current Routes
# Show all routes
netstat -rn
# Output columns:
# Destination - Target IP/network
# Gateway - Next hop
# Flags - Route status (U=up, G=gateway)
# Netif - Network interface (en0, utun0)
# Find default route
netstat -rn | grep default
Adding Routes to Bypass VPN
Route a Single IP Direct
# Bypass VPN for specific IP (e.g., Google DNS)
sudo route add -host 8.8.8.8 -interface en0
Route a Subnet Direct
# Bypass VPN for local network
sudo route add -net 192.168.1.0/24 -interface en0
Route Through Specific Gateway
# Route through your home router
sudo route add -net 10.0.0.0/8 192.168.1.1
Common VPN Bypass Scenarios
# Access local devices while on VPN
sudo route add -net 192.168.1.0/24 -interface en0
# Route to local printer
sudo route add -host 192.168.1.100 -interface en0
# Bypass VPN for specific service IP
sudo route add -host 54.230.100.50 -interface en0
These routes only work for specific IPs, and traffic to those IPs leaves over en0, outside the VPN tunnel and without its encryption. Services like Netflix or Spotify use thousands of IPs across CDNs, so you can't realistically route them all.
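To check which destinations actually leave outside the tunnel after adding routes like these, the following added example (not part of the original guide) filters netstat -rn output for static IPv4 routes bound to an interface other than the VPN's. The routing table in sample_table is constructed, and utun0 as the tunnel interface is an assumption; the S flag includes static routes macOS installs itself, such as the local subnet.

```shell
#!/bin/sh
# List static IPv4 routes that leave outside the VPN tunnel.
# Reads `netstat -rn` text on stdin; $1 is the tunnel interface (default utun0).
bypass_routes() {
    awk -v vpn="${1:-utun0}" '
        /^Internet:/   { v4 = 1; next }        # start of the IPv4 table
        /^Internet6:/  { v4 = 0 }              # IPv6 table: out of scope here
        !v4 || NF < 4 || $1 == "Destination" { next }
        $1 == "default"   { next }             # check with: route get default
        $4 ~ /^lo[0-9]+$/ { next }             # loopback never leaves the host
        $4 == vpn         { next }             # goes through the tunnel
        $3 ~ /S/          { print $1, $2, $4 } # S flag = static route
    '
}

# Constructed sample in the layout of macOS `netstat -rn` (not real output).
sample_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags           Netif Expire
default            link#22            UCSg            utun0
default            192.168.1.1        UGScIg            en0
8.8.8.8            link#6             UHS               en0
10.8.0.1           10.8.0.2           UH              utun0
127                127.0.0.1          UCS               lo0
192.168.1          link#6             UCS               en0      !
192.168.1.1        a0:b1:c2:d3:e4:f5  UHLWIir           en0   1185
192.168.1.100      link#6             UHS               en0

Internet6:
Destination        Gateway            Flags           Netif Expire
fe80::%lo0/64      fe80::1%lo0        UcI               lo0
EOF
}

# On a Mac, replace sample_table with: netstat -rn
sample_table | bypass_routes utun0
```

Each output line is destination, gateway and interface; any entry you did not intend to send outside the VPN is a candidate for sudo route delete.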
Finding the Right Interface
# List network interfaces
ifconfig
# Common interfaces:
# en0 - WiFi
# en1 - Ethernet (or second WiFi)
# utun0 - VPN tunnel
# Find active interface for default route
route get default | grep interface
Route Command Flags
- -net: Route to a network (use with CIDR notation)
- -host: Route to a single IP address
- -interface: Specify output interface (en0, utun0)
- -gateway: Specify next hop IP address
Deleting Routes
# Delete specific host route
sudo route delete -host 8.8.8.8
# Delete network route
sudo route delete -net 192.168.1.0/24
# Delete default route (careful!)
sudo route delete default
Limitations of Manual Routes
- Temporary: Routes reset when VPN reconnects
- IP-based only: Can't route by application
- Requires sudo: Need admin password each time
- Manual process: Must re-run after network changes
- Error-prone: Wrong route can break connectivity
- CDN problem: Services use many IPs you can't track
Making Routes Persistent (The Hard Way)
You can script route commands to run after VPN connects, but it's complex:
- Create shell script with route commands
- Set up LaunchDaemon to run on network change
- Or configure VPN client post-connect script
- Still only works for specific IPs, not apps
- Breaks when service IPs change
SplitTunnel: The Easier Alternative
Instead of wrestling with route commands, SplitTunnel provides per-app routing:
- No Terminal required
- Route by application, not just IP
- Persistent across VPN reconnects
- Visual interface for managing routes
- No sudo or admin password needed
- Handles CDN services automatically
Route Spotify direct regardless of which servers it uses. No need to track IP addresses.
When to Use Route Command
The route command is still useful for:
- Quick one-off testing
- Diagnosing routing issues
- Learning how network routing works
- Temporary fixes when you don't need persistence
For day-to-day per-app VPN control, SplitTunnel is the practical choice.