Hey everyone, I’m still relatively new to Linux, so apologies in advance for my ignorance.
I’m trying to make a script run automatically every time after OpenVPN connects to a VPN server. The script deletes the default route for the VPN via ip route delete default dev tun0. I’m trying to do it via a script because it seems that the default route is being changed by the ProtonVPN server, because I can’t find redirect-gateway in the .ovpn file itself.
I’ve tried:
adding up /path/to/script.sh to the .ovpn file
adding up /path/to/script.sh to the /etc/openvpn/vpn.conf file
I’m not sure what I’m doing wrong… or if I am just going in the wrong direction and should just create a vpn.service to run the script instead of messing with the openvpn services.
I don’t think you can change the default gateway from the client configuration… The OpenVPN server I believe is what dictates what gateway you will use… The redirect-gateway is a server-side configuration parameter that changes your default gateway so that all IP traffic such as web browsing and DNS lookups will go through the VPN.
openvpn(1) explicitly states that redirect-gateway is a client-side configuration control, though it can also be pushed from the server.
The obvious solution is simply redirect-gateway def1, by which openvpn does not delete the default route, rather it overrides the default route with a pair of 1-bit masked routes (that is, 0.0.0.0/1 and 128.0.0.0/1), thus the default route is never used while the connection is active. The pair are auto-deleted when openvpn disconnects.
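The override described above, worked through as an added example (not part of the original thread): a longest-prefix-match lookup over a constructed routing table, showing why the two /1 routes win over 0.0.0.0/0 without deleting it. The interface names, the LAN prefix and the 203.0.113.10 server address are constructed sample values; the /32 host route to the VPN server via the original gateway is the one redirect-gateway adds so the tunnel's own packets stay off the tunnel.

```python
import ipaddress

def route(prefix, dev):
    """Build one routing-table entry as (network, outgoing device)."""
    return (ipaddress.ip_network(prefix), dev)

def egress(table, dst):
    """Return the device chosen for dst by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None
    # The most specific (longest) prefix wins, as in the kernel's lookup.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample: table before the VPN connects.
BASE = [
    route("0.0.0.0/0", "eth0"),        # original default route
    route("192.168.1.0/24", "eth0"),   # local LAN
]
VPN_SERVER = "203.0.113.10"            # constructed documentation address

def with_def1(table):
    """Table while 'redirect-gateway def1' is active: routes are added, none removed."""
    return table + [
        route("0.0.0.0/1", "tun0"),          # lower half of IPv4 space
        route("128.0.0.0/1", "tun0"),        # upper half of IPv4 space
        route(VPN_SERVER + "/32", "eth0"),   # tunnel carrier traffic bypasses tun0
    ]

def has_default(table):
    """True if a 0.0.0.0/0 entry is still present in the table."""
    return any(net.prefixlen == 0 for net, _ in table)

if __name__ == "__main__":
    active = with_def1(BASE)
    for dst in ("8.8.8.8", "198.51.100.7", VPN_SERVER, "192.168.1.50"):
        print(f"{dst:15} before={egress(BASE, dst)} connected={egress(active, dst)}")
    print("default route still present:", has_default(active))
```
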
Hmm, okay, well I can remove the VPN default routing with the script I made. So does that mean that I won’t be able to change it via messing around with openvpn services, confs, etc?
Well the only thing I want the VPN for is my torrent client to have it seeding in the background all the time. And the torrent client (qBittorrent) has a setting that lets me pick which network interface I want it to use, so I chose the VPN (tun0). I just want to disable the default routing because it just slows down everything else, YouTube, Netflix and web browsing, and I don’t need it for those things anyway.
You will need to have another NIC dedicated for your normal internet browsing and configure a new default route for it directly in the OS, and not the OpenVPN configuration files. Can use the following link as a guide:
Oh, I know why I was confused: because I have in my personal notes the line ;push "redirect-gateway def1 bypass-dhcp" in the /etc/openvpn/server.conf server configuration file, because push pushes a config file option back to the client for remote execution… So that’s probably how the ProtonVPN server is overriding his gateway.
If that’s the case then I don’t think he can change it? He will have to just configure another default route on another NIC that doesn’t go over the VPN.