Having experienced that problem myself, i would guess that your assumption is right and indeed every traffic is directed trough VPN.
The routes for any tunnel are sent via the freshly established connection. I don't know if there is a way to suppress certain routes.
(You can allow only a maximum number of routes to apply or choose to not use any routes by supplying --iproute /bin/true
It is a common thing that an inexperienced admin pushes the default route over the tunnel during connection.
(It's a server-side thing, you can't filter )
First of all: Could you verify by checking you routes?
e.g. use ip
The interesting line is usually first. It should begin with "default".
Is it a work VPN , can you contact the admin?
Next thing you can do is adding/modifying the line controlling verbosity in your config:
Or add --verb 3
to the command line.
Then you should be seeing lines like this in your openvpn output:
/sbin/route add -net blabla netmask blabla gw blah
I have not yet found a way to reject those routes being pushed or remove them automatically.
My solution was to simply remove the routes by hand, after they have been added. (You can't remove them before ;-) )
Or more precise: I spawn openvpn in screen
, wait for the route, detach and run a script that removes them for me.
Wait for the connection to be established and then run:
ip route del to 192.168.102.2/24 dev tun0
ip route del default
Make sure to add the right default route after deleting the bad one.
You can check how it looks by using ip route
before starting openvpn
and then add it again with
ip route add default dev eth2 # substitute for your active network device
try the man page of the ip tool (man ip route
Above all of these the ultimate solution is to have your admin reconfigure the VPN provider not to push any nonsense-routes.
Good luck :-)