I have a VPN connection (implemented via OpenVPN) but am trying to route traffic to certain IPs / domains around it, so they just use my naked internet connection. From my research it looks like the best way to do this is with routing tables. None of the examples I've found have worked so I'd like to actually understand what's going on to troubleshoot more effectively.
When I run "route" with the VPN off, it looks pretty sensible:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
    192.168.1.0     *               255.255.255.0   U     1      0        0 eth1
I suspect the first line sets default behaviour - we route via the gateway. If the destination is anywhere on the 192.168.1.* range / my internal network, the second line asserts a gateway of * (I guess this means use the default from the line above - but if I had a network spanning multiple octets, I could use this to channel certain blocks to certain gateways).
My expectation was that when I turn the VPN on, this would stay more or less the same but my gateway for "default" would shift to some wizardly VPN IP.
If this understanding is correct, I just need to add the IP I want to bypass the VPN as the destination, my actual router (192.168.1.1) as the gateway and things will work well (if the syntax for this is simple I'd love to see it).
Once I turn the VPN on, however, things get messy and I start to question my knowledge:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.172.1.5      128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
    10.172.1.1      10.172.1.5      255.255.255.255 UGH   0      0        0 tun0
    10.172.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    128.0.0.0       10.172.1.5      128.0.0.0       UG    0      0        0 tun0
    168.1.6.15      192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
    192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1
What is going on here? Can someone explain what these additional lines are and why they appear / disappear as I toggle the VPN?
Thanks for any suggestions! I have encountered a few "what is a routing table" articles but I think they're written for people much smarter than me - I'm still very new to Linux and would love some idiot-proof advice :)
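
A small model of how the kernel picks a route from the VPN-on table above, added here as an illustration and not part of the original post. It applies longest-prefix matching (metric only breaks ties), which is why the two 128.0.0.0-mask routes via tun0 override the 0.0.0.0-mask default via eth1, and why a host route via 192.168.1.1 bypasses the VPN. `BYPASS_HOST` is a constructed placeholder address and the function names are hypothetical.

```python
import ipaddress

# "VPN on" table from the post: (destination, genmask, gateway, metric, iface)
VPN_ON_ROUTES = [
    ("0.0.0.0",     "128.0.0.0",       "10.172.1.5",  0, "tun0"),
    ("0.0.0.0",     "0.0.0.0",         "192.168.1.1", 0, "eth1"),
    ("10.172.1.1",  "255.255.255.255", "10.172.1.5",  0, "tun0"),
    ("10.172.1.5",  "255.255.255.255", "0.0.0.0",     0, "tun0"),
    ("128.0.0.0",   "128.0.0.0",       "10.172.1.5",  0, "tun0"),
    ("168.1.6.15",  "255.255.255.255", "192.168.1.1", 0, "eth1"),
    ("192.168.1.0", "255.255.255.0",   "0.0.0.0",     1, "eth1"),
]

# Constructed placeholder (documentation range) for a host that should skip the VPN.
BYPASS_HOST = "203.0.113.10"


def to_network(dest, genmask):
    """Turn a Destination/Genmask pair into a CIDR network (count the mask's 1 bits)."""
    prefix_len = bin(int(ipaddress.IPv4Address(genmask))).count("1")
    return ipaddress.ip_network(f"{dest}/{prefix_len}")


def lookup(table, address):
    """Return (network, gateway, iface) of the route chosen for address, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for dest, genmask, gateway, metric, iface in table:
        net = to_network(dest, genmask)
        if addr not in net:
            continue
        # Longest prefix wins; lower metric breaks ties between equal prefixes.
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, (str(net), gateway, iface))
    return best[1] if best else None


def with_bypass(table, host, lan_gateway="192.168.1.1", iface="eth1"):
    """Model of: ip route add <host>/32 via 192.168.1.1 dev eth1"""
    return table + [(host, "255.255.255.255", lan_gateway, 0, iface)]


if __name__ == "__main__":
    bypassed = with_bypass(VPN_ON_ROUTES, BYPASS_HOST)
    for dst in ("1.1.1.1", BYPASS_HOST, "168.1.6.15", "192.168.1.20"):
        print(dst, lookup(VPN_ON_ROUTES, dst), lookup(bypassed, dst))
```

A gateway of 0.0.0.0 (shown as `*` in the VPN-off output) in the result means the destination is reached directly on that interface, with no next hop.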