23

If you use redirect-gateway def1 option in OpenVPN config file,the server will add a default gateway on your route table, what I want to know is why OpenVPN did not use network 0.0.0.0 netmask 0.0.0.0 as a default gateway instead of netmask 128.0.0.0 ?

pevik
  • 286
  • 1
  • 12
Forcyy
  • 333
  • 1
  • 2
  • 4

1 Answers1

35

OpenVPN isn't using 0.0.0.0/0 as the route on the default gateway because you told it not to, with the redirect-gateway def1 config option. The manpage explains more, but basically by putting in two /1 routes covering the entire IPv4 address space, you get the same end result, but as it's more specific than a standard default route, it gets used in preference, so you don't have to either delete the existing default route, nor do you have to play games with routing metrics to get your OpenVPN route preferred.

womble
  • 95,029
  • 29
  • 173
  • 228
  • 5
    To be clear, there are two routes that are more specific than a single one covering everything. Basically making the entire IP range into two subnets. They are: 0-128.0.0.0/1 and 129.0.0.0-255.255.255.255/1 The precision of two overrides the single bigger network range. You'll also have a route that is even more specific for your VPN server which goes to the Internet, not the VPN. Oh, and a /1 mask = 128.0.0.0. – flickerfly Mar 29 '16 at 20:21