Linux – Increasing the metric of default route in CentOS with DHCP


I am setting up a server (VM to be precise) that runs CentOS 6.4. I have an eth0 adapter on the CentOS machine that has connection to the Internet (through a bridged network on the host). The eth0 adapter is configured through DHCP. So far, so good.

I also want to have a VPN client running on the server and to have it connect through the tun0 adapter to the Internet. The VPN client connects successfully using OpenVPN. It produces a default route with metric 0.

So, first of all, this is possible, right? Second, as far as I understand, there are 2 ways to go about this: increase the metric of the route that runs through eth0 or decrease the metric of the route that runs through tun0.

I have attempted to do both, but have been unsuccessful so far. I have tried these: adding a METRIC=100 line in /etc/sysconfig/network-scripts/ifcfg-eth0, however it does not change the metric of the route.

I have also tried adding a metric option to the client.conf file for OpenVPN. This also had no effect (I believe this to be due to there being a pull option in this file).

My most radical idea was to manually delete the route for eth0 and replace it with the same route, but with a higher metric. Unfortunately, I cannot do that either, as restarting the network will reset the settings, and having a daemon running that does it all the time doesn't seem a good solution.

I am open to suggestions and ideas.
Thanks.

Best Answer

So if I understand the problem correctly then you basically have a computer with an interface set to DHCP, and you want to connect to a VPN and pass all your traffic through the VPN.

You are having problems because, when the DHCP server renews the lease, it re-adds the gateway provided by the DHCP server.

I suggest you update your client.conf and replace the redirect-gateway option with the redirect-gateway def1. This instructs OpenVPN to add two routes that are more specific than the default gateway instead of removing the pre-existing default gateway and adding a new one.

When you use redirect-gateway def1 you get a route table that looks somewhat like the one below. Since the most specific matching route is the one that is used, the routes for 0.0.0.0/1 and 128.0.0.0/1 take precedence over the default route, but without the messy business of having to remove/replace the default route. It also removes the requirement that you make sure no other software changes the default route.

# ip route
10.3.195.17 dev tun_rem  proto kernel  scope link  src 10.3.195.18 
172.26.222.0/23 dev eth1  proto kernel  scope link  src 172.26.222.204 
0.0.0.0/1 via 10.3.195.17 dev tun_rem 
128.0.0.0/1 via 10.3.195.17 dev tun_rem
default via 172.26.222.1 dev eth1 

If the redirect-gateway setting is not being set in your client.conf, then you may need to also add the route-nopull option to ignore the routes being pulled from the VPN server.
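As an added illustration (my own example, not part of the answer above), this Python script models the kernel's longest-prefix route lookup over the `ip route` table shown in the answer, and over a constructed table for the situation in the question, where two plain default routes compete and only the metric decides. The interface names and addresses are taken from the answer; the metric values in the constructed table are assumptions.

```python
import ipaddress

# Table copied from the `ip route` output in the answer (redirect-gateway def1 in use).
ROUTES_WITH_DEF1 = """
10.3.195.17 dev tun_rem  proto kernel  scope link  src 10.3.195.18
172.26.222.0/23 dev eth1  proto kernel  scope link  src 172.26.222.204
0.0.0.0/1 via 10.3.195.17 dev tun_rem
128.0.0.0/1 via 10.3.195.17 dev tun_rem
default via 172.26.222.1 dev eth1
"""

# Constructed table for the question's situation: the VPN installed a default
# route, then the DHCP client re-added the LAN default with a lower metric (assumed values).
ROUTES_WITHOUT_DEF1 = """
10.3.195.17 dev tun_rem  proto kernel  scope link  src 10.3.195.18
172.26.222.0/23 dev eth1  proto kernel  scope link  src 172.26.222.204
default via 10.3.195.17 dev tun_rem metric 50
default via 172.26.222.1 dev eth1 metric 0
"""


def parse_routes(text):
    """Parse `ip route` lines into (network, dev, via, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        dst = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(dst, strict=False)  # bare host -> /32
        dev = f[f.index("dev") + 1]
        via = f[f.index("via") + 1] if "via" in f else None
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, dev, via, metric))
    return routes


def lookup(routes, dst):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


def egress_dev(text, dst):
    """Interface a packet to dst leaves on, given an `ip route` dump."""
    return lookup(parse_routes(text), dst)[1]
```

With def1 every Internet destination matches a /1 route, so re-adding the default route (whatever its metric) cannot pull traffic back to eth1, while the LAN's /23 and the VPN server's /32 still win as more specific routes.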