- System Preferences > Network
- Click '+'
- Interface: VPN
- VPN Type: L2TP over IPSec
- Server address: Your instance's public IP address or DNS name
- Click Authentication Settings
- Password: your password
- Shared Secret: the PSK configured when setting up the VPN
- Click Advanced
- Tick "Send all traffic over VPN connection" (Note: this may not be needed in recent macOS versions)
(In the example below, replace 172.30 with your VPC's prefix, and 10.11.12 with your VPN's IP block)
- Each time you connect, type
sudo route add -net 172.30 10.11.12.1
- This is an alternate method that sticks, and will work beyond client stops, and restarts and reboots.
Get the name of your VPN entry in networking
› networksetup -listallnetworkservices
› networksetup -getinfo "vpn-us-east-1"
IPv6 IP address: none
IPv6 Router: none
sudo networksetup -setadditionalroutes "vpn-us-east-1" 172.30.0.0 255.255.0.0 10.11.12.1