OpenVPN Taking Over Routes

Running recent build of 1.5.

I’ve been using WireGuard VPN for a while. When I created the interface, no routes were set up. I created static routes and policies for when I want traffic to use the VPN. I like it that way.

I wanted to get familiar with OpenVPN on VyOS as well. So I set up an interface to my VPN provider. Connection went well.

To my surprise, all traffic on my network started going over the VPN. My local laptop’s public IP suddenly became the public IP of the tunnel! It automatically set up the route.

I don’t want it to do that. I only want a certain VLAN to do that. So I would like to set up the rules manually. But how do I stop the automatic route? I did not specify the replace-default-route option. I left it out of the config entirely.

What’s the trick to disable the automatic default route?

Please provide full device configuration and the output of the command:

$ show ip route

Here’s the config. I tried to redact anything private:

Here’s the route first with the interface enabled then with it disabled. That is the only change made between the two commands:

With OpenVPN interface enabled:

vyos@router:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via <isp_publicIP>, eth0, weight 1, 3d20h04m
K>* 0.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
C>* 10.0.0.0/23 is directly connected, bond0, 11:16:07
C>* 10.0.2.0/24 is directly connected, bond0.2, 3d20h05m
C>* 10.0.3.0/24 is directly connected, bond0.3, 3d20h05m
C>* 10.0.4.0/24 is directly connected, bond0.4, 3d20h05m
C>* 10.0.5.0/24 is directly connected, bond0.5, 3d20h05m
C>* 10.0.7.0/24 is directly connected, wg1, 3d20h04m
C>* 10.8.8.0/24 is directly connected, vtun0, 00:01:21
C>* 10.14.0.0/16 is directly connected, wg2, 20:49:58
K>* 93.152.220.167/32 [0/0] via <isp_publicIP>, eth0, 00:01:21
K>* 128.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
C>* <isp_publicIP>/26 is directly connected, eth0, 3d20h05m

vyos@router:~$ curl -4 -L ifconfig.me
93.152.220.168


With OpenVPN interface disabled:

vyos@router:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via <isp_publicIP>, eth0, weight 1, 3d20h06m
C>* 10.0.0.0/23 is directly connected, bond0, 11:18:40
C>* 10.0.2.0/24 is directly connected, bond0.2, 3d20h07m
C>* 10.0.3.0/24 is directly connected, bond0.3, 3d20h07m
C>* 10.0.4.0/24 is directly connected, bond0.4, 3d20h07m
C>* 10.0.5.0/24 is directly connected, bond0.5, 3d20h07m
C>* 10.0.7.0/24 is directly connected, wg1, 3d20h07m
C>* 10.14.0.0/16 is directly connected, wg2, 20:52:31
C>* <isp_publicIP>/26 is directly connected, eth0, 3d20h08m

vyos@ruth.hfamly.com:~$ curl -4 -L ifconfig.me
<isp_publicIP>

Can you please share the exact version of VyOS running on your server/client devices?
Also share the output of this file from the OpenVPN server side: /run/openvpn/vtun10.conf
$ show configuration command | strip-private

You didn’t get the default route.
You get 2 more-specific prefixes:

K>* 0.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
K>* 128.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
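The last reply's point, as an added example that is not part of the original thread: the two /1 prefixes on vtun0 together cover all of IPv4 and win over 0.0.0.0/0 by longest-prefix match, so the static default stays in the table but is never used. The function names are hypothetical, and the sample lines are trimmed from the output posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Selected and installed routes only ("X>* prefix ..., iface, ..."), as printed
# by "show ip route". Lines with a redacted prefix do not match and are skipped.
ROUTE_RE = re.compile(
    r"^([A-Za-z])>\*\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s.*?,\s*([\w.-]+),")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Sample input: lines trimmed from the thread's "interface enabled" output.
SAMPLE = """\
S>* 0.0.0.0/0 [1/0] via <isp_publicIP>, eth0, weight 1, 3d20h04m
K>* 0.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
C>* 10.0.0.0/23 is directly connected, bond0, 11:16:07
C>* 10.8.8.0/24 is directly connected, vtun0, 00:01:21
K>* 93.152.220.167/32 [0/0] via <isp_publicIP>, eth0, 00:01:21
K>* 128.0.0.0/1 [0/0] via 10.8.8.1, vtun0, 00:01:21
"""

def parse_routes(text):
    """Return (code, network, interface) for each selected FIB route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((m.group(1), ipaddress.ip_network(m.group(2)), m.group(3)))
    return routes

def default_overrides(text):
    """Map interface -> prefixes that jointly cover 0.0.0.0/0 without being it."""
    per_iface = defaultdict(list)
    for _code, net, iface in parse_routes(text):
        if net != DEFAULT:
            per_iface[iface].append(net)
    found = {}
    for iface, nets in per_iface.items():
        # collapse_addresses merges sibling prefixes; two /1 halves become /0.
        if DEFAULT in ipaddress.collapse_addresses(nets):
            # Report only the outermost prefixes, not subnets nested inside them.
            top = [n for n in nets if not any(n != o and n.subnet_of(o) for o in nets)]
            found[iface] = sorted(str(n) for n in top)
    return found

if __name__ == "__main__":
    for iface, nets in default_overrides(SAMPLE).items():
        print(f"{iface} overrides the default route via {', '.join(nets)}")
```

Run against the "interface disabled" output, the same check returns nothing, which matches the public IP going back to the ISP address.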