27

If you use the redirect-gateway def1 option in the OpenVPN config file, the server will add a default gateway to your route table. What I want to know is why OpenVPN did not use network 0.0.0.0 netmask 0.0.0.0 as a default gateway instead of netmask 128.0.0.0?

1 Answer

37

OpenVPN isn't using 0.0.0.0/0 as the route on the default gateway because you told it not to, with the redirect-gateway def1 config option. The manpage explains more, but basically by putting in two /1 routes covering the entire IPv4 address space, you get the same end result, but as it's more specific than a standard default route, it gets used in preference, so you don't have to either delete the existing default route or play games with routing metrics to get your OpenVPN route preferred.

2
  • 6
    To be clear, there are two routes that are more specific than a single one covering everything. Basically making the entire IP range into two subnets. They are: 0-128.0.0.0/1 and 129.0.0.0-255.255.255.255/1. The precision of two overrides the single bigger network range. You'll also have a route that is even more specific for your VPN server which goes to the Internet, not the VPN. Oh, and a /1 mask = 128.0.0.0.
    – flickerfly
    Commented Mar 29, 2016 at 20:21
  • In other words, OpenVPN adds 0.0.0.0/1 and 128.0.0.0/1 routes to override the default one. To avoid the need to delete it, as far as I can tell.
    – x-yuri
    Commented Mar 21 at 7:34
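
The longest-prefix-match behaviour described in the answer and comments above, as an added example that is not part of the original posts. All addresses, gateways, interface names and the helper functions are constructed for illustration, and the model ignores policy routing and multiple routing tables.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    via: Optional[str]
    dev: str
    metric: int = 0

def route(cidr, via, dev, metric=0):
    return Route(ipaddress.ip_network(cidr), via, dev, metric)

# Constructed table: what a client might hold after redirect-gateway def1.
TABLE = [
    route("0.0.0.0/0", "192.168.1.1", "eth0"),        # original default, left in place
    route("0.0.0.0/1", "10.8.0.1", "tun0"),           # added by def1
    route("128.0.0.0/1", "10.8.0.1", "tun0"),         # added by def1
    route("203.0.113.10/32", "192.168.1.1", "eth0"),  # host route to the VPN server
    route("192.168.1.0/24", None, "eth0"),            # directly connected LAN
]

def lookup(table, dst):
    """Longest-prefix match; metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.net]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric))

def covers_everything(table, dev):
    """True if the routes on `dev` together span the whole IPv4 space."""
    nets = [r.net for r in table if r.dev == dev]
    whole = ipaddress.ip_network("0.0.0.0/0")
    return list(ipaddress.collapse_addresses(nets)) == [whole]

def without_dev(table, dev):
    """The table once routes via `dev` are withdrawn (tunnel down)."""
    return [r for r in table if r.dev != dev]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.10", "192.168.1.20"):
        r = lookup(TABLE, dst)
        print(f"{dst:15} -> {r.net} dev {r.dev}")
    print("tun0 covers all IPv4:", covers_everything(TABLE, "tun0"))
    down = lookup(without_dev(TABLE, "tun0"), "8.8.8.8")
    print("tunnel down, 8.8.8.8 ->", down.net, "dev", down.dev)
```

Because the original 0.0.0.0/0 entry is never deleted, it matches again as soon as the two /1 routes are withdrawn, which is worth checking for when auditing a client for traffic leaving outside the tunnel.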
