L2TP Split Tunneling Selective Routing on macOS VPN for UDM Installs

2022-02-05 17:51

We've been replacing many Ubiquiti EdgeRouters in our client environments with UDM Pros. One quirk of the EdgeRouter is that you were able to L2TP directly into a LAN subnet. UniFi has never allowed this, now or in the past. You are forced to create a separate VPN network and then reach the LAN either by sending all traffic over the VPN or by adding routes.

Most of our system installs have a Windows server running SSTP for the Windows-based clients. Some require L2TP for Mac or Linux clients. Here's how to selectively route to your LAN on macOS while NOT sending all traffic over the VPN. Note: The file below will run on any VPN connection, so it may not be a good solution for multiple VPNs on the same Mac. Typically our clients' users only use a single VPN and nothing else.

Create the file /etc/ppp/ip-up with the following content:

#!/bin/sh
# pppd runs this as root each time the VPN link comes up; $1 is the ppp interface (e.g. ppp0)
/sbin/route add <SUBNET> -interface "$1"

Replace <SUBNET> with the subnet you want to route through the VPN (for example 192.168.0.0/16).

Then make it executable as root:

chmod 0755 /etc/ppp/ip-up

This file will be executed each time you connect to VPN.

The parameters given to the script:

  • $1: The VPN interface (e.g. ppp0)
  • $2: Unknown, was 0 in my case
  • $3: IP of the VPN server
  • $4: VPN gateway address
  • $5: Regular (non-VPN) gateway for your LAN connections
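As an added example (this is not from the original post, the Superuser answer it credits, or any Ubiquiti/Apple code), here is a more defensive ip-up that does the same job for several subnets at once. It follows the parameter list above: $1 is treated as the ppp interface and $3 as the VPN server IP. The VPN_SUBNETS and VPN_SERVER values are constructed placeholders, the ppp[0-9]* interface check and the optional server match are my own additions to narrow the "runs on any VPN connection" caveat, and the ROUTE variable exists only so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example, not the post's own script.
# pppd calls this as: ip-up <iface> <tty> <server-ip> <vpn-gw> <lan-gw> (per the post's list).
# Only the subnets listed below are sent over the ppp link; everything else keeps its normal route.

VPN_SUBNETS="192.168.10.0/24 10.20.0.0/16"   # constructed example values; edit for your site
VPN_SERVER=""                                 # optional: set to your L2TP server IP to limit to that VPN
ROUTE=${ROUTE:-/sbin/route}                   # absolute path: pppd gives the script a minimal PATH

# Log to stderr and, when available, to syslog so a bad route shows up in Console.app.
log() {
    printf 'ip-up: %s\n' "$*" >&2
    if command -v logger >/dev/null 2>&1; then
        logger -t ip-up "$*" || :
    fi
}

# Return 0 only for a well-formed IPv4 CIDR such as 192.168.0.0/16.
# This keeps a typo in VPN_SUBNETS from turning into an unexpected route command.
is_cidr() {
    cidr=$1
    case "$cidr" in
        */*) ;;
        *) return 1 ;;
    esac
    addr=${cidr%/*}
    plen=${cidr#*/}
    case "$plen" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#plen}" -le 2 ] && [ "$plen" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add one route per valid subnet over interface $1. ROUTES_ADDED holds the count afterwards.
# Returns 1 if $1 is not a ppp interface, 0 otherwise.
ip_up() {
    iface=$1
    server=$3
    ROUTES_ADDED=0
    case "$iface" in
        ppp[0-9]*) ;;
        *) log "ignoring non-ppp interface '$iface'"; return 1 ;;
    esac
    if [ -n "$VPN_SERVER" ] && [ "$server" != "$VPN_SERVER" ]; then
        log "link to '$server' is not the office VPN; adding no routes"
        return 0
    fi
    for net in $VPN_SUBNETS; do
        if is_cidr "$net"; then
            if "$ROUTE" add "$net" -interface "$iface"; then
                ROUTES_ADDED=$((ROUTES_ADDED + 1))
                log "routed $net via $iface"
            else
                log "route add failed for $net"
            fi
        else
            log "skipping malformed subnet '$net'"
        fi
    done
    return 0
}

# When pppd invokes the script, act on its arguments; when sourced for testing, do nothing.
if [ "$#" -ge 1 ]; then
    ip_up "$@"
fi
```

Install it the same way as the one-liner (owned by root, mode 0755). Leaving VPN_SERVER empty gives the post's behaviour of routing on every ppp link; setting it makes the script a no-op on any other L2TP connection, which is the cheap fix for Macs that carry more than one VPN.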

Credit to this Superuser post from 12 years ago!
