Update 2013/09/27: Linux and BSD (for Mac) information for routing has been added to this article
Windows route Command
Context: Needed to be able to add routes to the Windows routing table in order to access various private subnets on work network while on the corporate VPN. The first step entailed navigating to the VPN's properties and unchecking the option to 'Use default gateway on remote network'. On Windows 7, this setting is located in the properties menu of the VPN connection as follows:
- Networking (Tab)
- Internet Protocol Version 4 (TCP/IPv4)
- Properties
- Advanced
- IP Settings (Tab)
With this option unchecked, in order to reach other subnets on the work network (other than the one in which your assigned VPN ip resides) I needed to explicitly add routes to the Windows routing table. In my case I did this on the command line with the 'route add' command as illustrated below:
C:\Users\kjones>route add 10.10.1.12 mask 255.255.255.255 192.168.89.31 -p
OK!
C:\Users\kjones>route add 172.24.97.0 mask 255.255.255.0 192.168.89.31 -p
OK!
The '-p' switch creates a persistent route that does not get deleted upon reboot/shutdown.
In the case that we need to change an existing route we use the 'route change' command. Suppose that we have already added the following routes, and wish to change a particular entry:
C:\Users\kjones>route print
...
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.99.0 255.255.255.0 192.168.89.30 1
10.10.1.0 255.255.255.0 192.168.89.30 1
172.24.97.0 255.255.255.0 192.168.89.30 1
10.0.9.0 255.255.255.0 192.168.89.30 1
10.0.1.0 255.255.255.0 192.168.89.30 1
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
...
If we wish to change the Gateway Address for the 172.24.97.0 entry, we use the 'route change' command as follows:
C:\Users\kjones>route change 172.24.97.0 MASK 255.255.255.0 192.168.89.31
OK!
C:\Users\kjones>
Linux route and ip route Commands
To add a route with the deprecated route command:
$ sudo route add -net 10.0.1.0 netmask 255.255.255.0 gw 192.168.89.31
Alternatively with the more contemporary ip route command; to display the routing table:
kyle.jones ~ $ sudo ip route list
10.0.1.0/24 dev eth1 proto kernel scope link src 10.0.1.44
172.24.97.0/24 via 10.0.1.254 dev eth1
10.10.1.0/24 via 10.0.1.1 dev eth1
172.24.96.0/24 via 10.0.1.254 dev eth1
192.168.99.0/24 via 10.0.1.254 dev eth1
10.0.9.0/24 via 10.0.1.254 dev eth1
169.254.0.0/16 dev eth1 scope link metric 1003
default via 10.0.1.200 dev eth1
Make sure to flush the routing table cache to ensure changes take effect immediately:
kyle.jones ~ $ sudo ip route flush cache
kyle.jones ~ $ sudo ip route change default via 10.0.1.1
kyle.jones ~ $ sudo ip route list
10.0.1.0/24 dev eth1 proto kernel scope link src 10.0.1.44
172.24.97.0/24 via 10.0.1.254 dev eth1
10.10.1.0/24 via 10.0.1.1 dev eth1
172.24.96.0/24 via 10.0.1.254 dev eth1
192.168.99.0/24 via 10.0.1.254 dev eth1
10.0.9.0/24 via 10.0.1.254 dev eth1
169.254.0.0/16 dev eth1 scope link metric 1003
default via 10.0.1.1 dev eth1
kyle.jones ~ $ sudo ip route change 192.168.99.0/24 via 10.0.1.1
kyle.jones ~ $ sudo ip route flush cache
BSD (Mac) route Command
I ran into the following error when trying to use the Linux route syntax on a Mac to add a route:
route: bad address: netmask
The correct BSD style syntax for the route command is as follows:
Kyles-MacBook-Air:~ kjones$ sudo route add 10.0.1.0 192.168.89.31 -netmask 255.255.255.0
add net 10.0.1.0: gateway 192.168.89.31
The BSD route command also accepts CIDR syntax to shorten the command:
Kyles-MacBook-Air:~ kjones$ sudo route add 10.0.1.0/24 192.168.89.31
add net 10.0.1.0: gateway 192.168.89.31