How can I prevent OpenVPN from clobbering local route?
Solution 1
Use the --route-up --route-noexec options in openvpn and completely ignore the routes being pushed to you, instead adding static routes to the specific hosts you want to access through the tunnel.
openvpn --route-noexec --route-up /tmp/myscript --config ./client.ovpn
where /tmp/myscript is
route add -host 192.168.1.69 gw ${route_net_gateway}
Something similar to that; I haven't actually tested this, but it should work. You probably want to remove the routes when you disconnect as well.
Solution 2
In addition to @hellomynameisjoel's answer, note that you can access the pushed routes in the route-up script via environmental variables. So you can add necessary routes only.
Alternatively, you can add a route using the default gateway in the OpenVPN config file:
route 192.168.1.0 netmask 255.255.255.0 net_gateway
After this, adding an identical pushed route will fail.
P.S. Tested on ArchLinux/OpenVPN 2.3.5.
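Added example, not part of either answer: a route-up script for the approach described in Solution 2, meant to be used with --route-noexec. It reads the pushed routes from OpenVPN's route_network_N / route_netmask_N / route_gateway_N environment variables and installs all of them except the one covering the local LAN. The SKIP_NET / SKIP_MASK variables and the function name are assumptions of this example, and OpenVPN needs --script-security 2 to run a user script.

```shell
#!/bin/sh
# Added example: route-up script for use with --route-noexec.
# OpenVPN exports each pushed route as route_network_N / route_netmask_N /
# route_gateway_N (N = 1, 2, ...) and the tunnel gateway as route_vpn_gateway.

# Assumption: the local LAN from the question, which must not be overridden.
SKIP_NET="${SKIP_NET:-192.168.1.0}"
SKIP_MASK="${SKIP_MASK:-255.255.255.0}"

# Print "network netmask gateway" for every pushed route worth installing.
filter_pushed_routes() {
    i=1
    while :; do
        eval "net=\${route_network_$i:-}"
        [ -n "$net" ] || break
        eval "mask=\${route_netmask_$i:-}"
        eval "gw=\${route_gateway_$i:-\${route_vpn_gateway:-}}"
        i=$((i + 1))
        # Incomplete entries cannot be installed.
        [ -n "$mask" ] && [ -n "$gw" ] || continue
        # Values come from the server: accept dotted-quad characters only.
        case "$net$mask$gw" in
            *[!0-9.]*) continue ;;
        esac
        # Drop the route that would clobber the local network.
        [ "$net" = "$SKIP_NET" ] && [ "$mask" = "$SKIP_MASK" ] && continue
        echo "$net $mask $gw"
    done
    return 0
}

# Install the surviving routes; runs only when OpenVPN invokes the script.
if [ "${script_type:-}" = "route-up" ]; then
    filter_pushed_routes | while read -r net mask gw; do
        route add -net "$net" netmask "$mask" gw "$gw"
    done
fi
```

As Solution 1 notes, the routes added this way are not removed by OpenVPN on disconnect, so a matching cleanup step is still needed.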
ataylor
Updated on September 17, 2022
I have a local network on 192.168.1.0 with netmask 255.255.255.0. When I connect to a VPN through OpenVPN (as a client), it pushes a route for 192.168.1.0 that clobbers the existing one, making my local network inaccessible. I don't need to access anything on 192.168.1.0 on the remote machine; I'd like to just ignore it, while accepting the other routes that are pushed. My client is Ubuntu 10.10.
How can I skip the one offending route?