In exploring how my local OpenVPN virtual interface utun0 works, I came across the following data, and I don't know how to make sense of it. (I'm on a Mac.)
$ netstat -nr
Routing tables
Internet:
Destination        Gateway         Flags  Refs  Use  Netif  Expire
0/1                10.8.0.5        UGSc     61    0  utun0
default            192.168.7.254   UGSc      7    0  en0
10.8.0.1/32        10.8.0.5        UGSc      1    0  utun0
10.8.0.5           10.8.0.6        UHr     110   12  utun0
54.242.164.191/32  192.168.7.254   UGSc      2    0  en0
...
It looks like "0/1" is CIDR notation. Is that correct? If so, I have follow-up questions. From my understanding, an interface is chosen according to which subnet(s) match the destination IP. With 0/1, only IP addresses whose first bit is 0 would match — which means only IP addresses >= 128.0.0.0 would match. Is that true? I could believe that, except then I get this:
$ ip route get 8.8.8.8
8.8.8.8 via 10.8.0.5 dev utun0 src 10.8.0.6
So now I'm really confused about what "0/1" means and why that route trumps the default route.
EDIT
0/1 would actually mean anything < 128.0.0.0, however, I still get this:
$ ip route get 198.41.208.137
198.41.208.137 via 10.8.0.5 dev utun0 src 10.8.0.6
So IP addresses both greater and lesser than 128.0.0.0 go through the router. How? Why?
I do see a 128/1 as well:
$ netstat -nr
Routing tables
Internet:
Destination        Gateway         Flags  Refs  Use  Netif  Expire
0/1                10.8.0.5        UGSc     63    0  utun0
default            192.168.7.254   UGSc      5    0  en0
...
128.0/1            10.8.0.5        UGSc     42    0  utun0
...
So @Teun Vink seems to be correct.
Best Answer
Some VPNs push the default gateway (a /0 netmask) as two /1 networks: 0/1 and 128/1. Since a more specific route always wins, this forces traffic to be routed via the VPN instead of over the default gateway.
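The longest-prefix rule from the answer, applied to the routes shown in the question, as an added example that is not part of the original posts. It also shows that the /32 route on en0 beats the /1 pair in the same way. The function names are hypothetical, and the expansion of netstat's shortened destinations (`0/1`, `128.0/1`) by padding with zero octets is an assumption about that output format.

```python
import ipaddress

# Routes copied from the netstat output in the question:
# (destination as printed, gateway, interface)
ROUTES = [
    ("0/1", "10.8.0.5", "utun0"),
    ("default", "192.168.7.254", "en0"),
    ("10.8.0.1/32", "10.8.0.5", "utun0"),
    ("10.8.0.5", "10.8.0.6", "utun0"),
    ("54.242.164.191/32", "192.168.7.254", "en0"),
    ("128.0/1", "10.8.0.5", "utun0"),
]

def parse_destination(dest):
    """Expand a netstat-style destination into an IPv4Network (assumed format)."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))      # "128.0" -> "128.0.0.0"
    # A destination without a prefix length is treated as a host route (/32).
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))

def lookup(ip, routes=ROUTES):
    """Return the route whose prefix matches ip with the longest prefix length."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in parse_destination(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: parse_destination(r[0]).prefixlen)

def without_split_default(routes=ROUTES):
    """The same table with the two /1 routes removed, for comparison."""
    return [r for r in routes if r[0] not in ("0/1", "128.0/1")]

if __name__ == "__main__":
    for ip in ("8.8.8.8", "198.41.208.137", "54.242.164.191"):
        dest, gateway, netif = lookup(ip)
        print(f"{ip:16} matches {dest:18} via {gateway} dev {netif}")
    # Without the /1 pair, only the /0 default matches and traffic leaves on en0.
    print("8.8.8.8 without 0/1 and 128.0/1:", lookup("8.8.8.8", without_split_default()))
```

Comparing the output of such a lookup against `ip route get` for a few addresses is a quick way to confirm which destinations bypass the tunnel.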