% AnalysisMan, Friday, November 6, 2020

### How to add and delete Static Routes on macOS (persistently)

#### Problem

I have several networks at home, including 192.168.1.0/24 and 192.168.2.0/24. A problem occurred when I connected to a VPN site because it gives a route with 192.168.2.0/23. As a result, my traffic to 192.168.2.0/24 was routed through the VPN tunnel instead of my internal home network. Therefore, I need to add a static route on my MacBook Pro.

#### Solution

Here is how to add or delete a static route on macOS.

As you see below, I received the 192.168.2.0/23 route from the VPN, and it routes through the tunnel interface, utun3. First, disconnect the VPN and add a static route as described below.

### To view the routing table:

You can use the following command " " and use ' ' to filter with a specific network on the Terminal.

#### ▶ Method 1. Add a static route temporarily

### To add a static route:

### To verify the route you added:

Now, 192.168.2.0/24 routes through my Ethernet interface, en10.

### To delete a static route:

#### ▶ Method 2. Add a static route persistently

The above route will be gone if you reboot your Mac. You need to add the static route permanently if you want it to survive a reboot.

### To verify the route your interface:

### To list devices (network adapters):

Or

### To list devices with the interface number:

I prefer this command because it also shows the Ethernet interface number (e.g. en10).

### To add a static route permanently:

### To verify the route you added:

### To delete this permanent route:

Use without the address, netmask, and gateway.

### To see all commands:

Or

#### 10 comments:

Thanks!

Hi AnalysisMan, would you be able to help me with where/which file stores the route information that is displayed when we execute `netstat -ln`? Regards, Vinay Chandran

In Macbook that is

I refer to this page every so often, I appreciate you keeping this up. Very helpful!

Thanks for this post. It was very useful.
Just my additional 2 cents - We can also get the configured permanent static routes using: `networksetup -getadditionalroutes "USB 10/100/1000 LAN"`. Also, if we want to add multiple routes permanently, then we can add additional tuples on the same command. E.g., `sudo networksetup -setadditionalroutes "Wi-Fi" 192.168.230.0 255.255.255.0 192.168.20.82 192.168.68.0 255.255.255.0 192.168.20.82`

Life saver hack! Thanks a lot!

I'm doing something wrong. I work from home and connect to my company's VPN. I need an SMB connection to our file server, which has the IP 192.168.2.108. VPN My network at home has the IP 192.168.68.1. Tunnel Interface is utun3. When I run the command `sudo networksetup -setadditionalroutes "VPN Work" 192.168.2.108 255.255.255.0 192.168.68.1`, my browser traffic goes through the VPN instead of my home network. What am I doing wrong?

I run a BitTorrent server for open-source Linux distros. Over time I have manually blocked literally thousands of leechers and downloaders who I do not want to have access to my system, as well as blocking 10s of 1,000s of botnets by firewalls. I have migrated my firewall settings to static routes blocked and the performance is much better. I'm just having trouble consistently adding ip6 addresses to be blocked. Beforehand, I enter the thousands of addresses I have collected to be blocked into JSON array lookup tables, to be accessed by a Python script that reads them and inserts them into an iterating command line by nested for-loops. I always debug by entering the command first on a command line before automating the process.

Example: I have been trying to set a permanent static route on my Mac using: `networksetup -setadditionalroutes "Ethernet" 2408:8266:: ffff:ffff:fffc:0000:0000:0000:0000:0000 ::1` which returns: `Route destination 2408:8266:: is not a valid IP address. ** Error: The parameters were not valid.`
≈≈≈ That is not true as it is the top address of the CHINA UNICOM China169 Backbone server, from which I get scores of leechers and people who try to get past my firewall. As well as trying: `ifconfig en0 inet6 2408:8266:: prefixlen 32 alias` which blocks everything in 2408:8266::/32 except 2408:8266:: itself.

My question is a) can `networksetup -setadditionalroutes` accept ip6 addresses and how? b) if not, can ifconfig block the root address of 2408:8266::/32? I would prefer a networksetup solution because they are much easier to clear than ifconfig ones. Removing ifconfig entries can take hours, one at a time, whereas networksetup just clears the service by name (Ethernet, WiFi, VPN) in moments.

On a parallel theme, is there a way to wipe all the static route entries from my Mac, especially those put in by ifconfig, in one fell swoop so I can re-enter them cleanly? Help is much appreciated.
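
The article's fix works because route selection prefers the longest matching prefix, so the 192.168.2.0/24 static route on en10 overrides the VPN's 192.168.2.0/23 on utun3 for that half of the range only. The following is an added example, not code from the original post or its comments; the routing table is constructed from the article's scenario, and the default route on en0 is an assumption. It also reports which part of the VPN-pushed prefix still goes through the tunnel and which part now bypasses it.

```python
import ipaddress

# Constructed routing table modelled on the article's scenario:
# the VPN pushes 192.168.2.0/23 via utun3, the static route adds
# 192.168.2.0/24 via en10. The default route on en0 is an assumption.
ROUTES = [
    ("0.0.0.0/0", "en0"),
    ("192.168.2.0/23", "utun3"),
    ("192.168.2.0/24", "en10"),
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, interface) of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1]


def tunnel_coverage(vpn_prefix, tunnel_iface, routes=ROUTES):
    """Split a VPN-pushed prefix into the parts still sent into the tunnel
    and the more specific routes on other interfaces that bypass it."""
    vpn = ipaddress.ip_network(vpn_prefix)
    remaining, bypassed = [vpn], []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if (iface == tunnel_iface or net.version != vpn.version
                or net == vpn or not net.subnet_of(vpn)):
            continue  # not a more specific override of the VPN prefix
        bypassed.append((str(net), iface))
        kept = []
        for r in remaining:
            if net.subnet_of(r):
                kept.extend(r.address_exclude(net))  # carve the override out
            elif not r.subnet_of(net):
                kept.append(r)                       # untouched by this override
        remaining = kept
    return sorted(str(r) for r in remaining), bypassed
```

Running `tunnel_coverage` after adding a static route is a quick way to confirm that only the intended subnet leaves the tunnel.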