3

I'm currently using the "strongSwan" IPsec VPN client on Linux.

I can connect to my VPN server, and the default route is automatically set to 10.10.10.1.
And I can access my local network with ip route add 192.168.7.0/24 dev ens33

ip route list output:

default via 192.168.7.1 dev ens33 proto static src 10.10.10.1
172.17.0.0/16 dev docker0 scope link
192.168.7.0/24 dev ens33 scope link

Everything works well!

BUT!

Now I need to connect to another server from "my real IP", not the VPN server's.

(The server IP is 1.2.3.4, e.g.)

I can ping 1.2.3.4 with 300ms lag, but can't connect because my IP is wrong.
Without the VPN connected, ping is 2~6ms.

Question: How do I specify a route to 1.2.3.4 when the default route is set to the VPN?

I have tried ip route add 1.2.3.4 dev ens33
but it failed with "Destination Host Unreachable".

GongT

2 Answers

2

ip route add 1.2.3.4 via 192.168.7.1 dev ens33

If necessary, replace 192.168.7.1 with the correct IP address of your internet gateway router (if it is not 192.168.7.1, it might be 192.168.7.254).

bao7uo
1

I don't really understand whether you need to connect to 1.2.3.4 via the VPN or directly. If you need to connect via the VPN, then I'm afraid it might not be possible if you don't have access to configure the VPN server and/or the 1.2.3.4 server, because you need to set up reverse routing for this to work. Both the VPN and the 1.2.3.4 server need to know how to reach you back through the VPN link. If your routes aren't symmetric, most likely the packets are lost, because 1.2.3.4 doesn't know how to route to the 10.10.10.0/24 network.

But if you are fine with a direct connection (without VPN and encryption) to 1.2.3.4, you can add a route to connect directly via your Internet connection without the VPN. Make sure to record your default gateway before connecting to the VPN with the ip route command. Like this, for example:

default via 123.123.123.123 dev eth1

So after connecting to VPN you can add a route:

ip route add 1.2.3.4 via 123.123.123.123 dev eth1

That will add a route to 1.2.3.4 directly, without VPN.

NStorm
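
The procedure from the answer above (record the default gateway before connecting, then add a host route through it) as an added example, not part of the original answers. The function names and the sample `ip route` / `ip route get` text are constructed for illustration, and IPv4 is assumed.

```shell
#!/bin/sh
# Added example; default_gw, bypass_cmd and egress_of are hypothetical helper names.
# Both samples below are constructed, not captured from the asker's machine.

# Constructed sample: `ip route` output saved BEFORE the VPN was brought up.
PRE_VPN_ROUTES='default via 123.123.123.123 dev eth1
172.17.0.0/16 dev docker0 scope link
192.168.7.0/24 dev ens33 scope link'

# Constructed sample: `ip route get 1.2.3.4` output after the host route was added.
ROUTE_GET='1.2.3.4 via 123.123.123.123 dev eth1 src 123.123.123.45 uid 1000
    cache'

# Print "<gateway> <device>" of the first default route in saved `ip route` output.
default_gw() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "") { print gw, dev; exit }
        }'
}

# Build the bypass command for ONE host; prefixes are refused so that only the
# named destination leaves the tunnel unencrypted.
bypass_cmd() {
    dest=$1; routes=$2
    set -- $(default_gw "$routes")
    [ $# -eq 2 ] || { echo "no default gateway in saved routes" >&2; return 1; }
    case $dest in */*) echo "refusing prefix, host only: $dest" >&2; return 1;; esac
    printf 'ip route add %s/32 via %s dev %s\n' "$dest" "$1" "$2"
}

# Print the egress device the kernel reports in `ip route get` output.
egress_of() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Live use: save `ip route` before connecting, run the command bypass_cmd prints
# as root after connecting, then check egress_of "$(ip route get 1.2.3.4)".
```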