Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
AWS Client VPN with split tunnel add default route even though it shouldn't
Documentation states it shouldn't do that https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
I also verified no such route exists in the AWS VPN config. Without VPN it looks like:
default 10.213.64.1 UGScg en0
And with AWS VPN Client connected
default 10.0.0.129 UGScg utun6
This breaks internet connections on the client since I cannot I access the internet from the VPN but I want to access it from the client network itself.
Running the following commands fixes the issue:
sudo route -n delete -net 0.0.0.0/0
sudo route -n add -net 0.0.0.0/0 10.213.64.1
And the VPN still works
My OS is Mac on the newest update but it was broken for a while.
- Newest
- Most votes
- Most comments
Do any interfaces on your system have a non-RFC1918 IP address?
I have bridge with 198.19.249.3 ip address is that a "non-RFC1918 IP address" ?
Yeah, I think that would count. Can you re-IP or temporarily delete the bridge and see if this still occurs?
Thanks, after looking into this bridge it seems to be known issue with AWS VPN Client and Orbstack https://github.com/orbstack/orbstack/issues/850 one of the sides needs to fix it but there are workarounds listed there for now
It's not just Orbstack, but I am glad you were able to resolve it. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/routing-to-lan.html
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 9 months ago
Can you share screenshot of clientVPN configuration from AWS and your full route table?
Added that information to the post (except route table which I will add later)