I was moved to encrypt.me after buffered was acquired. This VPN automatically encrypts network connections _it_ feels are unsafe. If you encrypt all traffic, your local routed networks may become unavailable. Here is an example network:
If you enable “Secure my connection” from the encrypt.me application, you will loose connection to both the Corporate and DMZ networks.
To fix this problem, create static routes on the workstation to point to the firewall/router for specific networks. It seems that encrypt.me only redirects the default gateway, so by adding static routes, you can bypass encrypt.me.
networksetup -setadditionalroutes "Ethernet 1" 172.16.0.0 255.255.0.0 192.168.200.1
networksetup -setadditionalroutes "Ethernet 1" 192.168.20.0 255.255.255.0 192.168.200.1
route -p 172.16.0.0. MASK 255.255.0.0 192.168.200.1
route -p 192.168.20.0 MASK 255.255.255.0 188.8.131.52
# Add-Static-Routes.sh # This gets around the VPN system on the mac is sending these networks through it's VPN # Networks: # 172.16.0.0/16 --> Router VPN to Corporate # 192.168.20.0/24 --> Router DMZ IoT network # # These 'route' commands will work until next boot. Great for testing route add 172.16.0.0 192.168.200.1 255.255.0.0 # Corporate Network router VPN route add 192.168.20.0 192.168.200.1 255.255.255.0 # IoT DMZ in router # networksetup allows persistent routes across reboots. # -listnetworkservices will show current interfaces that -setadditionalroutes uses. Mine is "Ethernet 1" networksetup -listallnetworkservices # What network services are available on this Macintosh? networksetup -setadditionalroutes "Ethernet 1" \ 172.16.0.0 255.255.0.0 192.168.200.1 \ 192.168.20.0 255.255.255.0 192.168.200.1 # Show the routes networksetup -getadditionalroutes "Ethernet 1" route get 172.17.1.1 route get 192.168.20.1 # Test the routes ping -c 1 172.17.1.1 ping -c 1 192.168.20.1