Ubuntu – How to change the metric of an OpenVPN client default route

Tags: networking, openvpn

I'm connecting to an OpenVPN server from Ubuntu 16.04, with OpenVPN 2.3.10 from the command line using sudo openvpn --config client.conf, or as a service using sudo service openvpn@client start.

I want the resulting connection to be used as lowest priority, so I'm trying to set the metric of the default route it creates to 1000; however, I'm not sure how to achieve this. The OpenVPN manual states:

--route-metric m
Specify a default metric m for use with --route.

I'd hoped that adding route-metric 1000 to my config file would affect the default route that OpenVPN creates automatically; however, I have to assume that it's only used with the --route option, and the route in question still has a metric of 0:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         x.x.x.x         128.0.0.0       UG    0      0        0 tun0

I can see three ways round this problem. How can I go about achieving one of them?

Option 1: Tell OpenVPN to use a different metric when creating the default route

Option 2: Prevent the route from being created in the first place, and use the --route option to create my own using the vpn_gateway variable provided by this option (I think)

Option 3: Modify the default route using the --route option. This will require knowing all the parameters of the route, so some scripting may be required.

Best Answer

It looks like Option 2, preventing the default route from being created, can be achieved using the route-nopull option.

--route-nopull

  • When used with --client or --pull, accept options pushed by server EXCEPT for routes, block-outside-dns and dhcp options like DNS servers.

  • When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface.
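
One way to carry Option 2 through once route-nopull is in place, shown as an added example that is not part of the original answer. It assumes the goal is a fallback default route through the tunnel; the choice of a /0 route and the host route to the server are assumptions, not something the answer states.

```conf
# client.conf additions (added example, not from the original answer)

# Ignore routes pushed by the server, including the pushed default route.
# Per the manual text quoted above, this also drops pushed DHCP options
# such as DNS servers, so set DNS locally if the VPN resolver is needed.
route-nopull

# Add our own default route through the tunnel with metric 1000.
# Syntax: route network [netmask] [gateway] [metric]
# vpn_gateway is OpenVPN's keyword for the remote VPN endpoint address.
#
# Use a true default (netmask 0.0.0.0), not the two /1 halves shown in the
# question (Genmask 128.0.0.0). Linux prefers the longest matching prefix
# before it compares metrics, so a /1 route beats the existing /0 default
# no matter what metric it carries.
route 0.0.0.0 0.0.0.0 vpn_gateway 1000

# Keep traffic to the VPN server itself on the pre-existing gateway, so it
# is never routed into the tunnel if the primary default route goes away.
# remote_host and net_gateway are OpenVPN keywords for the --remote address
# and the default gateway that existed before the tunnel came up.
route remote_host 255.255.255.255 net_gateway
```

After reconnecting, `route -n` should list the tun0 default with Metric 1000 below the existing default route, and traffic leaves through the tunnel only when no lower-metric default is present.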