With the limited information in the question, I have made the example using some assumptions (just replace the interface and IP addresses below with what is applicable on your system):
Client VPN tunnel interface: vpn0
Client default gateway: 4.3.2.1
Server VPN tunnel IP address: 10.10.10.1
VPN Server IP address: 6.7.8.9 (the address you connect the VPN client to)
Once you have successfully connected the VPN client to the server, the following will allow the client full tunnel (i.e. routing all traffic via the VPN server):
Add specific route for the VPN server (so the client will not try to send the VPN traffic inside the VPN tunnel):
ip route add 6.7.8.9 via 4.3.2.1
Add two /1 segments to supersede the default (0.0.0.0/0) route:
ip route add 0.0.0.0/1 via 10.10.10.1 dev vpn0
ip route add 128.0.0.0/1 via 10.10.10.1 dev vpn0
Once you bring down the tunnel, the two /1 routes will be automatically removed as the vpn0 is no longer available, and the default route will take precedence again. (The route to the VPN Server public IP address will remain, but is no problem.)
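Why the two /1 routes win over the default route, and why the host route to 6.7.8.9 is needed, shown as an added example that is not part of the original answer: a longest-prefix-match model of the resulting routing table. The `eth0` interface name and the on-link 4.3.2.0/24 subnet are assumptions; the answer names neither.

```python
import ipaddress

# Constructed routing table using the answer's placeholder addresses.
# "eth0" and the on-link 4.3.2.0/24 subnet are assumptions.
ROUTES = [
    ("0.0.0.0/0",   "4.3.2.1",    "eth0"),   # original default route
    ("4.3.2.0/24",  None,         "eth0"),   # on-link subnet of the gateway
    ("6.7.8.9/32",  "4.3.2.1",    "eth0"),   # host route to the VPN server
    ("0.0.0.0/1",   "10.10.10.1", "vpn0"),   # lower half of IPv4 space
    ("128.0.0.0/1", "10.10.10.1", "vpn0"),   # upper half of IPv4 space
]

def lookup(dest, routes=ROUTES, down=()):
    """Longest-prefix match, skipping routes on interfaces listed in `down`."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, via, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dev in down or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, via, dev)
    return None if best is None else (str(best[0]), best[1], best[2])

def bypasses_tunnel(dest, routes=ROUTES):
    """True if traffic to dest would leave outside vpn0 while the tunnel is up."""
    hit = lookup(dest, routes)
    return hit is None or hit[2] != "vpn0"

if __name__ == "__main__":
    for d in ("1.1.1.1", "203.0.113.7", "6.7.8.9", "4.3.2.50"):
        print(d, "->", lookup(d), "bypass:", bypasses_tunnel(d))
    # With vpn0 gone, the /1 routes disappear and the default applies again.
    print("tunnel down:", lookup("1.1.1.1", down=("vpn0",)))
```

Note that destinations on the directly connected subnet still match their more specific on-link route and stay outside the tunnel.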