macOS: How to add a static route

Adding static routes to macOS is often needed if you deal with multiple connections and split tunneling, where you don’t want all traffic to go over one single network adapter.

Fortunately, it is easy to assign static routes to macOS and you have the choice of them being temporary or persistent. Both types are explained in this article.

Temporary static route

If you want your mac to connect to the IP 10.10.10.5 over the Gateway 192.169.100.1, we add the following route.

Add a temporary static route in macOS:

# sudo route -nv add -net 10.10.10.0/24 192.168.100.1

Where 10.10.10.0 is the subnet with a /24 mask and 192.168.100.1 is the router

Now let's look at the example if you don't want to assign the route to a specific IP but to a named connection.

# sudo route -nv add -net 10.10.10.0/24 -interface ppp0

Please not, that the rules above are only temporary, which means they get dropped as soon as you close the (VPN) connection. If you'd like to add persistent routes which remain intact over multiple connections, please follow the steps below.

Persistent static route

It is exactly as easy to add persistent routes to macOS like this:

First, let's list all our network devices in order to find the name we need later:

# networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
USB 10000Mbit LAN
MyVPN
Wi-Fi
Thunderbolt Bridge

Let's take MyVPN as an example. Now we want to add a persistent static route to this network.
The networksetup command accepts the following structure:
# networksetup -setadditionalroutes Interface Subnet Subnetmask Router

Set up a Persistent Static Route in macOS:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.1

Like this, we add one route to the Network "MyVPN".

In case you want to add multiple static routes, we have to add these concatenated after each other

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.1 10.10.50.0 255.255.255.0 192.168.100.95

You can add as many routes as you want, as long as you follow the structure # networksetup -setadditionalroutes Interface [Subnet Subnetmask Router] [Subnet Subnetmask Router] [Subnet Subnetmask Router]

Note that each issue of the command networksetup -setadditionalroutes "MyVPN" overwrites previous settings. You cannot add multiple static routes by issuing the command multiple times to set them with one command.

To delete persistent static routes, just enter

# networksetup -setadditionalroutes "MyVPN"

This will delete all the previously set routes.

Sometimes you want to set a route that takes a dynamic Router IP/Subnet as a parameter. This is necessary if a VPN assigns you to a virtual router IP that changes. But in this case, you'd know in which subnet range this dynamic router ip will get assigned, so we can simply set a whole subnet for the router parameter:

Add Persistent Static Route with Dynamic Router IP/Subnet:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.0/24

Note the last part has changed to 192.168.100.0/24 instead of 192.168.100.x and is now dynamic. And like this, you can also add multiple static routes to the interface with multiple dynamic router subnets:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.0/24 10.10.50.0 255.255.255.0 192.168.150.0/24

Troubleshooting

Sometimes, macOS could mix up the default gateway of your system if you mess around a lot with routes, VPNs, and network connections. In this case, just enter:

# route change default 192.168.1.1

Where 192.168.1.1 is the IP address of your desired default gateway.

To check your active Routes, use:

netstat -rn

Important: This only shows the routes of active connections. So, if you want to see a route of a connection (and VPN), connect first and then issue the netstat -rn command. Now you'll see the applied routes.