Protect default route on client

Scripts which set up, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

keriati
OpenVpn Newbie
Posts: 4
Joined: Sat Oct 09, 2010 4:40 am

Protect default route on client

Post by keriati » Sat Oct 09, 2010 4:51 am

Hi!

I got an account for OpenVPN from my university. I set the connection up on my home (TomatoUSB-based) router. The VPN server is configured in a way to also push the default route on connect to my router, so all the internet traffic should go through the university's routers.
Well, I don't like it this way, and there is no point to it (it also slows down the speed), so I just changed the default route back to my own ISP's after the VPN is connected:

route del default
route add default gw 213.xxx.xxx.xxx vlan1

This works just fine.
But I want my router to always auto-connect to the university VPN, and I don't want to change the default route back manually every time. Is there some way to protect my default route in the client-side configuration, or any way to always trigger this command to change the default route back? It would be better if the default route did not change at all. I just couldn't find anything about this in the FAQ or the HOWTO.


krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: Protect default route on client

Post by krzee » Sun Oct 10, 2010 3:48 pm

I believe an --up script is what you are looking for... try that and see how it works.

keriati
OpenVpn Newbie
Posts: 4
Joined: Sat Oct 09, 2010 4:40 am

Re: Protect default route on client

Post by keriati » Wed Oct 13, 2010 9:37 am

Well, sounds good at first, but this just isn't working...

here's the script:

Code:

#!/bin/sh

sleep 10
route del default
route add default gw x.x.x.x vlan1

Here are the logs:

Oct 13 21:31:01 Mainstream daemon.notice openvpn[1684]: /tmp/mnt/Valentine/db/ovpn.up.sh tap11 1500 1576 10.8.0.2 255.255.255.0 init
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw x.x.x.x
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.16.115.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.16.4.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net 172.20.16.0 netmask 255.255.255.0 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 10.8.0.1
Oct 13 21:31:11 Mainstream daemon.notice openvpn[1684]: Initialization Sequence Completed

As you can see, the up script is executed before the server changes the routes :(
I just tried it with sleep, but it still won't work...

keriati
OpenVpn Newbie
Posts: 4
Joined: Sat Oct 09, 2010 4:40 am

Re: Protect default route on client

Post by keriati » Wed Oct 13, 2010 9:49 am

Well, here's something that works, but I don't think it's a nice solution:

ovpn.up.sh:

Code:

#!/bin/sh

# Start the second script in the background so the up hook returns at once
(/bin/sh /tmp/mnt/Valentine/db/ovpn2.up.sh &)

ovpn2.up.sh:

Code:

#!/bin/sh

# Wait until OpenVPN has added the pushed routes, then put the default route back
sleep 10
route del default
route add default gw x.x.x.x vlan1

And in the client config added:

Code:

script-security 2
up /tmp/mnt/Valentine/db/ovpn.up.sh

Any better solution, maybe something where the default route isn't even changed at all?

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: Protect default route on client

Post by krzee » Wed Oct 13, 2010 9:54 am

yes
tell your server to not push it at you

keriati
OpenVpn Newbie
Posts: 4
Joined: Sat Oct 09, 2010 4:40 am

Re: Protect default route on client

Post by keriati » Wed Oct 13, 2010 10:16 am

It's not my server :(
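The timing problem in the logs above (the up hook runs before the pushed routes are added) can be avoided with OpenVPN's route-up hook, which runs after the routes are added. The script below is an added example, not code from the thread: it restores the default route from the `route_net_gateway` variable that OpenVPN exports instead of a hard-coded address. `WAN_IF` and `DRY_RUN` are names introduced here, and the script path in the comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread: OpenVPN route-up hook.
# Client config: script-security 2
#                route-up /path/to/this-script   (placeholder path)

# Accept only a dotted-quad IPv4 address, so that nothing else taken from
# the environment is handed to route(8).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# With DRY_RUN set (assumed name), print the command instead of running it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# $1 = ISP gateway, $2 = optional WAN interface (vlan1 in the thread).
restore_default_route() {
    gw=$1; wan_if=${2:-}
    is_ipv4 "$gw" || { echo "route-up: bad gateway '$gw'" >&2; return 1; }
    run route del default || true   # drop the default route the tunnel installed
    run route add default gw "$gw" ${wan_if:+"$wan_if"}
}

# OpenVPN exports script_type and route_net_gateway (the default gateway
# that existed before the tunnel came up) to its hooks. Act only when
# called as the route-up hook, which runs after the pushed routes are added.
# WAN_IF is an assumed variable; it can be passed with "setenv WAN_IF vlan1".
if [ "${script_type:-}" = "route-up" ]; then
    restore_default_route "${route_net_gateway:-}" "${WAN_IF:-}" || exit 1
fi
```

On the client side, `route-nopull` is the option that refuses pushed routes altogether; the routes to the university networks then have to be listed in the client config with `route`. Because `script-security 2` lets OpenVPN run this file as root, keep it somewhere only root can write.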
