IOS – Sending All Traffic Over VPN Tunnel (IKEv2) in OS X 10.11.5


I recently set up VPN connections on my MacBook Pro running OS X 10.11.5 via the Apple Configurator. However, I am having trouble sending all traffic across the VPN tunnel rather than through the regular Wi-Fi connection.

Although the default route is created when the VPN is connected, no traffic is sent across the VPN (the VPN has been confirmed to be working in Windows and Linux).

Here is the output of:

netstat -rn

Destination        Gateway            Flags        Refs      Use   Netif Expire
default             UGSc           43        0     en1
default            link#8             UCSI            0        0  ipsec0
10/16              link#5             UCS             8        0     en1        link#5             UCS             1        0     en1           <EDGE ROUTER MAC>  UHLWIir        47      194     en1      1076    link#5             UCS             1        0     en1       <MBP MAC ADDRESS>  UHLWI           0        1     lo0           UGHS            0        0     en1
127                UCS             0        0     lo0          UH             18   781055     lo0
169.254            link#5             UCS             0        0     en1        UH              0        0  ipsec0
224.0.0            link#5             UmCS            1        0     en1
224.0.0            link#8             UmCSI           0        0  ipsec0        1:0:5e:0:0:fb      UHmLWI          0        0     en1 link#5             UCS             0        0     en1 link#8             UCSI            0        0  ipsec0

There is no option to enable/disable forwarding all traffic over the VPN like there is with PPTP.

How can I forward all traffic over the VPN when the VPN is active, similar to how Windows and Linux already do this?

The more I dig into OS X and VPN Networking the more it seems like it would be easier to host a dual VPN of IPSec for the Windows and Linux clients and OpenVPN for OS X and iOS.

Best Answer

  • I met the same problem, but I found the checkbox exists in the "Apple Configurator 2" VPN section.

    After installing the profile with that option enabled, all my traffic seems to pass over the VPN.
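
A check for the condition described in the question, as an added example that is not part of the original post or answer: in macOS `netstat -rn` output the `I` flag marks an interface-scoped route (RTF_IFSCOPE), so the `UCSI` default on `ipsec0` is not used for general traffic while the unscoped `UGSc` default on `en1` is. The function names, the `10.0.0.1` gateway and the full-tunnel sample are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): classify the default routes in
# macOS `netstat -rn` output read from stdin.

# Print "<netif> <flags> <scoped|unscoped>" for each "default" row.
# A flag string containing "I" (RTF_IFSCOPE) marks an interface-scoped route,
# which is used only by sockets bound to that interface.
default_routes() {
    awk '$1 == "default" {
        netif = ""
        # Refs and Use are numeric and absent on newer macOS releases,
        # so the first non-numeric field after Flags is taken as Netif.
        for (i = 4; i <= NF; i++)
            if ($i !~ /^[0-9]+$/) { netif = $i; break }
        scope = ($3 ~ /I/) ? "scoped" : "unscoped"
        print netif, $3, scope
    }'
}

# Succeed only if at least one unscoped default route exists and every one of
# them is on an interface whose name starts with the given prefix.
vpn_is_default() {
    default_routes | awk -v p="$1" '
        $3 == "unscoped" { n++; if (index($1, p) != 1) bad++ }
        END { exit !(n > 0 && bad == 0) }'
}

# Constructed sample with the same shape as the table in the question
# (the gateway address is made up).
SPLIT='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.0.1           UGSc           43        0     en1
default            link#8             UCSI            0        0  ipsec0'

# Constructed sample of the state a full-tunnel profile is expected to give:
# the tunnel holds the unscoped default and the Wi-Fi default is scoped.
FULL='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#8             UCS             0        0  ipsec0
default            10.0.0.1           UGScI          43        0     en1'

# On a live Mac: netstat -rn -f inet | vpn_is_default ipsec && echo "full tunnel"
```

Running the check before and after installing the profile with the option from the answer enabled shows whether the unscoped default has moved to the tunnel interface.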