How do I prevent OpenVPN from changing my default gateway?

Hi, i have a question about routing and OpenVPN.

I have an OpenVPN server account from a provider that I use as a VPN-solution. I have no control over the OpenVPN-server. I use Tunnelblick on OSX but I believe this is a pretty generic OpenVPN question. The server pushes some settings to my client and amongst other stuff it sends the "redirect-gateway def1" command which prevents OpenVPN from changing my default gateway but instead adds more specific routes so that my internet connection always uses the OpenVPN-server.

Connected to the server, a netstat -nr returns this:

0/1                 10.9.0.1           UGSc          18      0    tun0
default            192.168.10.1   UGSc          2        0     en1
10.9/16          10.9.0.68         UGSc          28      0    tun0
10.9.0.68       10.9.0.68         UH              2        0    tun0

192.168.10.1 is my ordinary gateway and 0/1 is the OpenVPN-gateway.

But what I want to do is this:

When i connect to the OpenVPN server I want to let all my traffic keep flowing through my ordinary gateway 192.168.10.1 and only add routes for a few specific sites that should go trough the VPN. Since the server connection is activated at system startup I want the VPN to be connected but not used for other than those selected sites. This can be accomplished by changing the routes in OSX terminal manually but i want the OpenVPN client to do it automatically so I dont have to think about it.

Regards
Gunnar

 

LVL 1
guidxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jimmyray7Commented:
I don't think the client can override settings pushed down by the server.  
0
guidxAuthor Commented:
Correction, the VPN-gateway is ofc 10.9.0.1 nothing else.

So, can anybody confirm that you can't change settings pushed by server on the client?
0
guidxAuthor Commented:
Solved it by asking on forums.openvpn.net

Got this answer that worked great:

add "route-nopull" to client config

to stop pulling the routes from the openvpn server; then add the routes that you want routed via the VPN to the client config file using

Code:
route a.b.c.d netmask1
route e.f.g.h netmask2
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
guidxAuthor Commented:
Correct solution from forums.openvpn.net
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.