macOS: How to add a static route

Adding static routes to macOS is often needed if you deal with multiple connections and split tunneling, where you don’t want all traffic to go over one single network adapter. Instead, you want to define which traffic should be routed through which interface.

Fortunately, it is easy to assign static routes to macOS and you have the choice of them being temporary or persistent. Both types are explained with examples in this article.

Temporary static routes

If you want your mac to connect to the IP 10.10.10.5 over the Gateway 192.169.100.1, we add the following route.

Add a temporary static route in macOS:

# sudo route -nv add -net 10.10.10.0/24 192.168.100.1

Where 10.10.10.0 is the subnet with a /24 mask and 192.168.100.1 is the router

Now let's look at the example if you don't want to assign the route to a specific router-IP but to a named connection:

# sudo route -nv add -net 10.10.10.0/24 -interface ppp0

Please note that the rules above are only temporary, which means they get dropped as soon as you close the (VPN) connection or reboot your mac. If you'd like to add persistent routes which remain intact over multiple connections and restarts, please follow the steps below.

Persistent static routes

It is exactly as easy to add persistent routes to macOS as it is to add temporary routes:

First, let's list all our network devices in order to find the name of our interface (we need it later):

# networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
USB 10000Mbit LAN
MyVPN
Wi-Fi
Thunderbolt Bridge

Let's take the VPN called "MyVPN" as an example. Now we want to add a persistent static route to this network. The networksetup command accepts the following structure:
# networksetup -setadditionalroutes Interface Subnet Subnetmask Router

Set up a Persistent Static Route in macOS:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.1

Where in the example above, 10.10.10.0 is the Subnet, 255.255.255.0 is the subnet mask and 192.168.100.1 is the router. Like this, we add one route to the Network "MyVPN".

In case you want to add multiple static routes, we have to add these concatenated after each other

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.1 10.10.50.0 255.255.255.0 192.168.100.95

You can add as many routes as you want, as long as you follow the structure # networksetup -setadditionalroutes Interface [Subnet] [Subnetmask] [Router] [Subnet] [Subnetmask] [Router] ...

Generally, if you re-issue the command networksteup -setadditionalroutes "MyVPN" [...], please note that the new route definitions are not appended to the old ones but instead overwrite the existing route(s). So if you want to add 2 routes but you already have one, you need to issue the command whith both routes at once.

To delete persistent static routes in macOS, just enter

# networksetup -setadditionalroutes "MyVPN"

This will delete all the previously set routes.

Add Persistent Static Route with Dynamic Router IP/Subnet:

Sometimes you want to set a static route that takes a dynamic Router IP/Subnet as a parameter. This is necessary if a VPN assigns you to a virtual router IP that is subject to change. But in this case, you would know in which subnet range this dynamic router ip will get assigned, so we can simply set a whole subnet for the router parameter:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.0/24

Note the last part has changed to 192.168.100.0/24 instead of 192.168.100.x and is now dynamic. And like this, you can also add multiple static routes to the interface with multiple dynamic router subnets:

# networksetup -setadditionalroutes "MyVPN" 10.10.10.0 255.255.255.0 192.168.100.0/24 10.10.50.0 255.255.255.0 192.168.150.0/24

Troubleshooting

Sometimes, macOS could mix up the default gateway of your system if you mess around a lot with routes, VPNs, and network connections. In this case, just enter:

# route change default 192.168.1.1

Where 192.168.1.1 is the IP address of your desired default gateway.

To check your active Routes, use:

netstat -rn

Important: This only shows the routes of active connections. So, if you want to see a route of a connection (and VPN), connect first and then issue the netstat -rn command. Now you'll see the applied routes.