The scenario I want to avoid is: the thing fails to establish a VPN, then starts broadcasting traffic that I only want to go down the tunnel to the local subnet / out the subnet's default route, unencrypted.
So far what I've done is set the default route of the box, when booted, to its own IP, so it can't ever figure out how to get out onto the net, then added a single static route out to my preferred OpenVPN server via a working default route for the subnet.
It fires up and establishes the tunnel to the OpenVPN server, but when the session starts OpenVPN adds a load of routes into the routing table, including one for how to route to the OpenVPN server which uses the bad system default route (which goes nowhere), and this overrides the correct static route I've put in.
How can I stop OpenVPN overwriting my static route?
I tried doing a sh route del badroute at the bottom of the config, but that's too early and runs before the routing gets added...
I had it working like this on an earlier machine running Fedora natively, but can't see what I've done differently this time config-wise.
Any ideas? A better way to approach blackholing it rather than starting off with a bad default route?
I could run a script that deletes the routes added after establishing, but how can I trigger that from the OpenVPN sequence at the right time? If the route is left in, it times out and drops the tunnel, so it has a small window to run in.
Edited by MrFluffy, 23 April 2010 - 05:58 AM.
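As an added example that is not part of the original post: a route-up hook, which OpenVPN runs only after it has installed its own routes, that re-pins the /32 to the VPN server via the real LAN gateway so the bogus self-pointing default route never wins. It assumes Linux with iproute2, a config carrying script-security 2 and route-up pointing at this script, and a placeholder gateway REAL_GW that you would replace with your subnet's working router.

```shell
#!/bin/sh
# Added example (not the poster's config): OpenVPN --route-up hook.
# OpenVPN exports the server address as $trusted_ip and the hook kind as
# $script_type, so the script can tell a route-up call from a manual run.
# REAL_GW is an assumed placeholder for the LAN's working default router.
REAL_GW="${REAL_GW:-192.0.2.1}"

# Loosely validate a dotted-quad IPv4 before it reaches a shell command.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # empty, or anything but digits and dots
    esac
    return 0
}

# Build the iproute2 command that pins a /32 to the VPN server via the LAN
# gateway. $1 = VPN server IP, $2 = LAN gateway. Prints nothing on bad input.
build_pin_cmd() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    printf 'ip route replace %s/32 via %s\n' "$1" "$2"
}

# Recognise the unwanted route OpenVPN adds: the server reached via the box's
# own IP (the deliberately broken default gateway). $1 = a line from
# `ip route show`, $2 = VPN server IP, $3 = the box's own IP.
is_bad_server_route() {
    case "$1" in
        "$2 via $3"|"$2 via $3 "*) return 0 ;;
    esac
    return 1
}

# Only act when OpenVPN invokes us as the route-up hook; a manual run is a no-op.
if [ "${script_type:-}" = "route-up" ] && [ -n "${trusted_ip:-}" ]; then
    cmd=$(build_pin_cmd "$trusted_ip" "$REAL_GW") && eval "$cmd"
fi
```

With route-nopull (or, on newer builds, pull-filter) the pushed routes can be suppressed outright instead, but the hook above works regardless of what the server pushes.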