How to add a static route in Linux

Static routes direct traffic for specific networks through chosen gateways, enabling access to additional internal subnets, VPNs, or separate WAN links without changing the default route. Using targeted routes keeps latency low and prevents all traffic from being forced through a single exit path.

On Linux, the kernel maintains a routing table that matches each packet’s destination address against configured prefixes. The iproute2 tools, particularly ip, manage these entries at runtime, while network configuration frameworks such as NetworkManager store routes that should be recreated automatically when interfaces come up.

Misconfigured routes can silently redirect traffic to the wrong gateway, break connectivity to certain networks, or override preferred paths. Changes typically require root or sudo privileges, and persistent configuration depends on the networking stack in use; the following procedure assumes a system using iproute2 and NetworkManager for IPv4 routing.

1. Open a terminal on the Linux host with access to an account that can use sudo.

   $ whoami
   user

2. View the current IPv4 routing table to understand existing routes and default gateways.

   $ ip route
   default via 192.168.1.1 dev eth0 proto dhcp metric 100
   192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100

   The routing table decides where packets go based on the most specific matching prefix.

3. Determine the destination network, gateway address, and outgoing interface for the new static route.

   Example values used below: destination 10.10.20.0/24 via gateway 192.168.1.1 on interface eth0.

4. Add the static route for the destination network using the chosen gateway and interface.

   $ sudo ip route add 10.10.20.0/24 via 192.168.1.1 dev eth0

   A route pointing at an unreachable or incorrect gateway can cause timeouts and make some networks appear down.

5. Confirm that the new static route appears in the routing table.

   $ ip route show 10.10.20.0/24
   10.10.20.0/24 via 192.168.1.1 dev eth0

   The ip route show <prefix> form filters the table to only the route of interest.

6. Test connectivity to an IP address inside the destination network.

   $ ping -c 4 10.10.20.10
   PING 10.10.20.10 (10.10.20.10) 56(84) bytes of data.
   64 bytes from 10.10.20.10: icmp_seq=1 ttl=62 time=1.23 ms
   64 bytes from 10.10.20.10: icmp_seq=2 ttl=62 time=1.11 ms
   ##### snipped #####

   Successful replies indicate that the static route is functioning for at least one host in the target network.

7. List NetworkManager connections to find the profile name associated with the interface that should carry the static route.

   $ nmcli connection show
   NAME                UUID                                  TYPE      DEVICE
   Wired connection 1  11111111-2222-3333-4444-555555555555  ethernet  eth0
   ##### snipped #####

   The NAME column contains the connection profile used later when persisting the route.

8. Add the static route to the IPv4 settings of the chosen NetworkManager connection so it is recreated on interface up.

   $ sudo nmcli connection modify "Wired connection 1" +ipv4.routes "10.10.20.0/24 192.168.1.1"

   The ipv4.routes property expects entries in the form <prefix> <gateway> and supports multiple routes.

9. Reactivate the NetworkManager connection so the persistent static route configuration is applied.

   $ sudo nmcli connection up "Wired connection 1"
   Connection 'Wired connection 1' successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)

10. Verify that the connection profile now lists the configured static route and that it appears in the routing table.

    $ nmcli connection show "Wired connection 1" | grep ipv4.routes
    ipv4.routes:                      10.10.20.0/24 192.168.1.1
    
    $ ip route show 10.10.20.0/24
    10.10.20.0/24 via 192.168.1.1 dev eth0

    The NetworkManager profile ensures the route survives reboots and interface flaps as long as the connection is active.

11. Remove the static route if it was added with incorrect parameters or is no longer required.

    $ sudo ip route del 10.10.20.0/24 via 192.168.1.1 dev eth0

    Removing the route immediately stops traffic from using that path, which can disrupt access to networks that rely on it.