7

I'm using a Mac laptop, and when I am connected to the Cisco VPN, all traffic is routed through the tunnel. However, I need to run a VM (VirtualBox with Ubuntu as guest) for certain services. The VM is connected to the host via a Host-Only network (192.168.56.0/24). When the VPN is connected, even traffic to this address range is sent to the VPN, so I can't connect to the VM anymore.

I've tried to mess around with the route command a bit. When I tried

route change -net 192.168.56.0/24 192.168.56.1

to set up the route, I got sendto: Permission denied when I tried to ping the VM address.

What would be the correct route setup so I can connect to the VM (through the vboxnet1 interface) while leaving all other traffic going through the VPN?

3 Answers

9

Finally I have figured out the reason for the "sendto: permission denied" error.

The routing table was added correctly. The problem is that the Cisco AnyConnect VPN Client automatically blocks any other traffic by modifying the firewall (ipfw) rules on the host, adding one line like

01200  667 136583 deny ip from any to any

Removing this rule by

sudo ipfw delete 01200

will do.

Solution thanks to http://www.petefreitag.com/item/753.cfm

1
  • 1
    This worked for me, thanks. Just to add that in order to view the firewall rules you need to do 'sudo ipfw list'. Then you can see the rule id to delete.
    – Xoundboy
    Commented Nov 18, 2013 at 16:52
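
As the comment above notes, the rule id has to be read from the firewall listing before it can be deleted. The following is an added example, not part of the original answer or comment: a shell helper that reads `ipfw list` or `ipfw show` output and prints the number of each catch-all deny rule. The sample listing is constructed, apart from the 01200 line quoted in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer).
# find_deny_all reads `ipfw list` or `ipfw show` output on stdin and prints
# "<rule-number> <packet-count>" for every catch-all deny rule ("-" when the
# listing has no counters), so the number need not be hard-coded.
find_deny_all() {
    awk '
    $1 ~ /^[0-9]+$/ {
        # Rule 65535 is the built-in default and cannot be deleted.
        if ($1 + 0 == 65535) next
        # "ipfw show" puts packet and byte counters before the action.
        first = 2; pkts = "-"
        if ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) { pkts = $2; first = 4 }
        action = $first
        body = ""
        for (j = first + 1; j <= NF; j++)
            body = body (body == "" ? "" : " ") $j
        if ((action == "deny" || action == "drop" || action == "reject") &&
            body == "ip from any to any")
            print $1, pkts
    }'
}

# Constructed sample listing; only the 01200 line is taken from the answer.
sample_rules() {
    cat <<'EOF'
00100 12 1200 allow ip from any to any via lo0
01200  667 136583 deny ip from any to any
65535 0 0 allow ip from any to any
EOF
}

sample_rules | find_deny_all
# On the host: sudo ipfw show | find_deny_all
```

Deleting the rule it reports lifts the block for all non-tunnel traffic on the host, not only traffic to 192.168.56.0/24.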
0

Try re-running the command with sudo. Since you are modifying routing tables at a system level you need to use admin/root privileges to perform that action.

Also, the Cisco VPN client creates a virtual network device that has all traffic routed through it, so you need to add a route between that interface's network and the VM. Sorry, I don't know the full command offhand.

1
  • Thanks for the reply. However, I was running route change with sudo - otherwise I wouldn't have permission to modify the routing tables at all, would I? So the routing table is successfully modified but "ping" returns "sendto: Permission denied".
    – Ryan
    Commented Apr 3, 2011 at 0:19
0

Try this:

sudo /sbin/route add -net 192.168.56 -interface Your_interface_Name

You can get the Interface_name via ifconfig by choosing the name that appears first in the line (e.g., en1). You may use the VirtualBox interface.

HTH
