diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
deleted file mode 100644
index 7607d47..0000000
--- a/.github/workflows/snyk.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-name: snyk
-
-on: # yamllint disable-line rule:truthy
- push:
- branches:
- - "**" # matches every branch
- - "!main" # excludes main
- pull_request:
- branches:
- - main
-
-jobs:
- security:
- runs-on: ubuntu-latest
- name: snyk
- steps:
- - name: checkout
- uses: actions/checkout@v3
-
- - name: Vulnerability scan
- uses: snyk/actions/iac@master
- with:
- command: monitor
- args: --severity-threshold=low
-
- - name: Set up Node 18
- uses: actions/setup-node@v3
- with:
- node-version: 18
-
- - name: install Snyk CLI
- run: npm install -g snyk
-
- - name: snyk monitor
- run: snyk iac test --report --severity-threshold=medium
- env:
- SNYK_TOKEN: ${{ secrets.ARC_SNYK_TOKEN }}
diff --git a/README.md b/README.md
index 9c63835..8e834dd 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@
 [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=sourcefuse_terraform-aws-arc-vpn)](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-vpn)
-[![Known Vulnerabilities](https://github.com/sourcefuse/terraform-aws-arc-transit-gateway/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-arc-transit-gateway/actions/workflows/snyk.yaml)
 ## Overview
diff --git a/modules/client-vpn/main.tf b/modules/client-vpn/main.tf
index ba6ec66..2a6d37f 100644
--- a/modules/client-vpn/main.tf
+++ b/modules/client-vpn/main.tf
@@ -136,3 +136,11 @@ resource "aws_ec2_client_vpn_authorization_rule" "this" {
 access_group_id = each.value.access_group_id
 authorize_all_groups = each.value.authorize_all_groups
 }
+
+resource "aws_ec2_client_vpn_route" "this" {
+ for_each = var.additional_routes
+
+ client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.this.id
+ destination_cidr_block = each.value.destination_cidr_block
+ target_vpc_subnet_id = each.value.target_vpc_subnet_id
+}
\ No newline at end of file
diff --git a/modules/client-vpn/variables.tf b/modules/client-vpn/variables.tf
index dcf4cd2..70964dc 100644
--- a/modules/client-vpn/variables.tf
+++ b/modules/client-vpn/variables.tf
@@ -185,3 +185,12 @@ variable "client_cidr_block" {
 type = string
 description = "Client CICR block"
 }
+
+variable "additional_routes" {
+ type = map(object({
+ destination_cidr_block = string
+ target_vpc_subnet_id = string
+ }))
+ default = {}
+}
+
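Review bot: In modules/client-vpn/main.tf the new `aws_ec2_client_vpn_route.this` has no ordering against the subnet association it relies on. AWS accepts a route only when `target_vpc_subnet_id` is already a target network of the endpoint, and nothing in this hunk makes Terraform wait for that. If the module creates the associations elsewhere in the file (not visible here), add `depends_on = [<the module's network-association resource>]` to the route; otherwise document that callers must pass subnets that are already associated. Each route also widens what VPN clients can reach once an authorization rule covers the destination, so populating the resource's `description` argument would keep the endpoint's route table auditable. The file now also ends without a trailing newline.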
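Review bot: In modules/client-vpn/variables.tf, `additional_routes` is declared without a `description` and without input validation, although `client_cidr_block` directly above it carries a description. I would add `description = "Additional Client VPN routes keyed by a stable name; each entry sets the destination CIDR and the associated target subnet"`. Because these values decide which networks VPN clients are routed to, a `validation` block with `condition = alltrue([for r in values(var.additional_routes) : can(cidrhost(r.destination_cidr_block, 0))])` would reject a malformed CIDR at plan time instead of at the AWS API. A very broad destination such as `0.0.0.0/0` would still pass that check, so the description should say that such an entry sends all client traffic through the endpoint.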