After connecting to my OpenVPN server, I see my routing table as:
Kernel IP routing table
Destination      Gateway      Genmask          Flags MSS Window irtt Iface
default          10.199.1.5   128.0.0.0        UG      0 0      0    tun0
default          192.168.1.1  0.0.0.0          UG      0 0      0    enp0s3
10.199.1.1       10.199.1.5   255.255.255.255  UGH     0 0      0    tun0
10.199.1.5       *            255.255.255.255  UH      0 0      0    tun0
104.156.228.133  192.168.1.1  255.255.255.255  UGH     0 0      0    enp0s3
128.0.0.0        10.199.1.5   128.0.0.0        UG      0 0      0    tun0
192.168.1.0      *            255.255.255.0    U       0 0      0    enp0s3
I'm confused with the two default entries and how to interpret it.
With a normal IP, the Genmask is bitwise-ANDed with the destination to determine which entry matches. But how does Genmask work with "default"?
In the example above, what packets would get sent to 10.199.1.5 and what gets sent to 192.168.1.1?
I'm trying to fwmark packets intended for port 22 (SSH) and then force the default route for those packets to my default router rather than my VPN. But I'd also like to understand the routing table fully before messing with it.
Best Answer
default is just an alias for 0.0.0.0. You can see that if you enter
If I edit that in your table and shuffle the entries around a bit it looks like this:
Aha! So now you have 0.0.0.0 with a netmask of 128.0.0.0, and also 128.0.0.0 with a netmask of 128.0.0.0. Those two together map the entire internet. But as the netmask 128.0.0.0 is more specific than 0.0.0.0 they take precedence over the 'standard' default route.
Ergo all traffic is forwarded towards tun0 (a full tunnel) with the exception of 104.156.228.133 (VPN endpoint) and 192.168.1.0/24 (your local network).
This is a neat trick OpenVPN uses to override the default gateway without actually changing it.
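To make the longest-prefix-match logic from the answer (and the Genmask question above) concrete, here is an added Python example that is not part of the original question or answer. It encodes the routing table from the question as data (the `default` rows written as 0.0.0.0, and `*` as no gateway), performs the same mask-and-compare the kernel does, and picks the most specific matching entry, so you can see which gateway any destination would get. `ROUTES`, `parse_routes`, `matches` and `lookup` are names chosen for this example.

```python
import ipaddress

# Constructed from the routing table in the question: "default" is 0.0.0.0 and
# "*" means the destination is directly reachable on the interface (no gateway).
ROUTES = [
    ("0.0.0.0",         "128.0.0.0",       "10.199.1.5",  "tun0"),    # default /1 (lower half)
    ("0.0.0.0",         "0.0.0.0",         "192.168.1.1", "enp0s3"),  # the real default route
    ("10.199.1.1",      "255.255.255.255", "10.199.1.5",  "tun0"),
    ("10.199.1.5",      "255.255.255.255", None,          "tun0"),
    ("104.156.228.133", "255.255.255.255", "192.168.1.1", "enp0s3"),  # VPN endpoint bypasses tun0
    ("128.0.0.0",       "128.0.0.0",       "10.199.1.5",  "tun0"),    # /1 (upper half)
    ("192.168.1.0",     "255.255.255.0",   None,          "enp0s3"),  # local LAN
]


def parse_routes(routes):
    """Turn (destination, genmask, gateway, iface) rows into network objects.

    Dotted genmasks such as 128.0.0.0 become prefix lengths (/1), which is the
    "how specific is this entry" measure used by longest-prefix matching.
    """
    table = []
    for dest, mask, gw, iface in routes:
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        table.append((net, gw, iface))
    return table


def matches(dst, net):
    """The kernel's test for one entry: (dst AND genmask) == destination.

    For a /0 entry the mask is all zeros, so every address matches;
    for a /1 entry only the top bit of the address is compared.
    """
    dst = int(ipaddress.IPv4Address(dst))
    return (dst & int(net.netmask)) == int(net.network_address)


def lookup(dst, table=None):
    """Return (matched network, gateway, iface) for the most specific match.

    Among all entries that match, the one with the longest prefix wins, which
    is why the two /1 entries shadow the /0 default route entirely.
    """
    table = parse_routes(ROUTES) if table is None else table
    best = None
    for net, gw, iface in table:
        if matches(dst, net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    net, gw, iface = best
    return (str(net), gw, iface)


if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.7", "104.156.228.133", "192.168.1.50", "10.199.1.1"):
        print(dst, "->", lookup(dst))
```

Running it shows that an address like 8.8.8.8 matches both 0.0.0.0/0 and 0.0.0.0/1, and the /1 entry wins; 203.0.113.7 lands in 128.0.0.0/1; only the /32 for the VPN endpoint and the /24 for the LAN are more specific still and go out via enp0s3. The /0 route is matched by every address but never chosen, which is exactly the "override the default gateway without changing it" trick described above.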