How to make ip route stick after interface restart?

Question

I am currently using the following commands to force traffic from 192.168.2.10 through 10.8.0.1 on tun0:

ip rule add from 192.168.2.10/32 table 100
ip route add default via 10.8.0.1 table 100

tun0 is OpenVPN. It works well but if the VPN connection drops (i.e. tun0 disappears) the route is removed from table 100. How can I make this route "stick", i.e. remain even if the interface disappears? Alternatively, how can I make the route appear again when the interface re-appears? Furthermore, if I can't make the route "stick" then can I use the following command to ensure traffic from 192.168.2.10 is blocked while tun0 is unavailable:

iptables -A FORWARD -i eth0 -s 192.168.2.10/32 -o eth0 -j DROP

(note: traffic from 192.168.2.10 comes in on eth0)

Answer 1

rtfm

   --up cmd
      Run command cmd after successful TUN/TAP device open (pre --user
      UID change).

      cmd  consists  of  a  path  to  script  (or executable program),
      optionally followed by arguments. The path and arguments may  be
      single-  or  double-quoted and/or escaped using a backslash, and
      should be separated by one or more spaces.

      The up command is useful for  specifying  route  commands  which
      route IP traffic destined for private subnets which exist at the
      other end of the VPN connection into the tunnel.

Create a script with those 2 lines, and add 2 lines to openvpn config:

up /my/script.sh
script-security 2