DEV Community

David Mohl
David Mohl

Posted on • Updated on • Originally published at

VPN connections and local network traffic on Mac

Mirrored from my blog -

These days I've been trying to be more conscious about my online footprint and privacy in general. I've been using one-off email addresses for years now (btw check out my recent post on masked emails if you haven't yet), and have a bunch of little scripts that spit out things like random usernames when I hit "!" 3 times.

But honestly speaking, IP addresses were one of those things I just kind of didn't really care about.

What changed my view drastically was when I hacked on a cloudflare workers project and for debug purpose decided to console.log() the Request object. Here's what got printed

      "message": [
          "cf": {
            "longitude": "REDACTED",
            "latitude": "REDACTED",
            "continent": "AS",
            "country": "JP",
            "tlsVersion": "TLSv1.3",
            "colo": "NRT",
            "timezone": "Asia/Tokyo",
            "city": "REDACTED",
            "edgeRequestKeepAliveStatus": 1,
            "requestPriority": "",
            "httpProtocol": "HTTP/3",
            "region": "Tokyo",
            "regionCode": "13",
            "asOrganization": "REDACTED",
            "postalCode": "REDACTED"
Enter fullscreen mode Exit fullscreen mode

I cut out some of the details here, but the request had longitude, latitude, my internet provider name and a postal code that is very close to mine. Meaning every site I interact with basically knows where I live to a certain degree. That ain't good.

I now have a VPN running almost all of the time, which brings me to the main topic of this post:

When using a VPN, like NordVPN, and you want to let that run 24/7 so that you can move all traffic without leaks through the it, you'll sooner or later end up running into issues with things like local network no longer resolving because it's not part of the virtual network.

How do you fix that?

Temporary rules with route

Mac has a bunch of neat network tools that you can use to get around this, the easiest is route:

# route <target> <gateway>
sudo route -nv add -net 10.0
Enter fullscreen mode Exit fullscreen mode

with the -net flag (there is also -host), 10.0 expands to, so the entire subnet of 10.0.* will get routed to the gateway instead of the VPN network, sweet! (10.0.5.* is my network for services and smaller devices)

Routes added with route are temporary, so once you restart they're gone which makes them good for experimenting and quickly setting things up in a non-destructive way.

Making things persist

For persistent rules, mac comes with the networksetup tool:

❯ networksetup -listallnetworkservices

An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
Thunderbolt Bridge
NordVPN NordLynx
Enter fullscreen mode Exit fullscreen mode

The command we want is -setadditionalroutes. This command takes a interface, and then triplets of <target> <netmask> <gateway>

networksetup -setadditionalroutes "Ethernet"
Enter fullscreen mode Exit fullscreen mode

This command adds a route for 10.0.5.* (designated by the netmask and routes all traffic to the gateway instead.

Repeat that for all your interfaces that you use to connect, and done.

To add multiple routes you'll have to specify them in the same go, in triplets:

networksetup -setadditionalroutes "Ethernet"
Enter fullscreen mode Exit fullscreen mode

Now everything from 192.168.* and 10.0.5.* will get routed to my router

About NordVPN

I never talked to NordVPN, but after trialing 4-5 different VPN services that were recommended for privacy, I ended up at Nord and am very happy with them (dark patterns like difficulty to unsubscribe aside). The speed is very consistent and it's one of the only options I was really able to keep turned on 24h a day.

If you're thinking of signing up for NordVPN, consider using my referal

Top comments (1)

madge_dagrella profile image
Madge Dagrella • Edited

Selecting the right VPN involves several key considerations, including its privacy policy, security features, server locations, and connection speeds. It's crucial to prioritize VPNs with robust encryption, a strict no-logs policy, and a wide server network. Researching and comparing different VPNs can help you make an informed decision. Resources like provide valuable insights and comparisons to assist in selecting the best VPN for your requirements. Your dedication to enhancing online privacy, such as using one-off email addresses and NordVPN, is praiseworthy. Understanding the significance of safeguarding personal information like IP addresses is also vital. Thank you for sharing your expertise on managing VPN connections on Mac, especially regarding local network traffic, and for your positive experience with NordVPN.