Trying to find a better solution, I decided to try some new ways of fixing the routes after the VPN is brought up. Here's what I'm using now:
I edit /etc/NetworkManager/dispatcher.d/01ifupdown as follows:
Add the lines from "#vpn fix" to "#end fix" after the line "case "$2" in" as shown:
case "$2" in
#vpn fix
vpn-up)
# Add a host route to the local gateway so the VPN keeps working.
# Gateway (field 2) and interface (field 8) come from the UGH route.
DIF=`/sbin/route -n | grep UGH | sed "s/  */ /g" | cut -d " " -f 8`
DRT=`/sbin/route -n | grep UGH | sed "s/  */ /g" | cut -d " " -f 2`
/sbin/route add -host $DRT $DIF
exit 0
;;
vpn-down)
# Remove the now unneeded host route once the VPN is down.
# Destination (field 1) and interface (field 8) come from the UH route.
DIF=`/sbin/route -n | grep UH | sed "s/  */ /g" | cut -d " " -f 8`
DRT=`/sbin/route -n | grep UH | sed "s/  */ /g" | cut -d " " -f 1`
/sbin/route delete -host $DRT $DIF
exit 0
;;
#end fix
up)
export MODE="start"
export PHASE="up"
...
...
Now my OpenVPN configuration works with no extra routes set and no options checked off. I can connect to all the hosts on the remote network as well as use the remote gateway as my default (I push the option on the server side) so I can secure all my activity while on an untrusted hotspot.
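The `grep UGH` / `grep UH` lookups above match the flag text anywhere on a line and can return several rows, which would hand `route` a multi-line or empty value. The following added example (not part of the original post) matches the Flags column exactly and refuses to act unless exactly one route matches; the function names and the sample routing table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match parsing of `route -n` output.
# Columns: Destination Gateway Genmask Flags Metric Ref Use Iface

# Constructed sample table (documentation addresses), as seen with the VPN up.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         10.8.0.5        0.0.0.0         UG    0      0        0 tun0'

# Read a routing table on stdin and print "<gateway> <iface>" for the single
# route whose Flags column equals $1. Exits with status 1 when zero or
# several rows match, so the caller never builds a route command from an
# empty or ambiguous lookup.
gateway_for_flags() {
    awk -v want="$1" '
        NF == 8 && $4 == want { n++; gw = $2; ifc = $8 }
        END { if (n != 1) exit 1; print gw, ifc }'
}

# Read a routing table on stdin and print the command the vpn-up branch
# would run, without running it. Returns 1 if the lookup is not unique.
vpn_up_command() {
    pair=$(gateway_for_flags UGH) || return 1
    printf '/sbin/route add -host %s\n' "$pair"
}

# Stand-alone demonstration on the constructed table.
# In the dispatcher script the input would be: /sbin/route -n | vpn_up_command
printf '%s\n' "$SAMPLE_ROUTES" | vpn_up_command
```

The same exact-match check applies to the vpn-down branch, where a `UH` lookup can also hit the tunnel's own peer route if the tunnel interface is still present.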