I think I know the answer to this but please allow me to ask the question at least to clarify it in my mind and for confirmation...
I am running my ISP-provided DSL Modem/router box in "transparent bridged" mode per the configuration Web interface. The Internet IP address is thus assigned to the PC connected to the Modem/router. The PC is running CentOS 7.4 and has two NICs. One is connected to the Modem/router and the second is "Shared to other computers" with network manager and serves to pass traffic to my LAN. Here is the routing table:
Code:
[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2
The entry under Gateway on the first line, nc-71-0-16-1.dh, is I suspect the ISP's "black box" from which the DSL signal originates. (It used to be called the "Central Office" from which I was always too far away for DSL service.) Am I correct in assuming that this device performs routing of my traffic after it leaves the PC and is passed via DSL to the Internet? If so, that is well and good until...
When I connect to a VPN using openvpn I see the following routing table
Code:
[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG        0 0          0 tun0
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.8.8.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
ip124.67-202-83 nc-71-0-16-1.dh 255.255.255.255 UGH       0 0          0 p1p2
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2
128.0.0.0       10.8.8.1        128.0.0.0       UG        0 0          0 tun0
If I understand correctly the kernel reads the table from the top looking for a route for a given packet. In this case outbound traffic would be handled by the first line and passed to my VPN - provided the VPN is accepting traffic. That is a good thing.
The next point of confusion is Destination ip124.67-202-83. Whatever is that? It appears to be going to the ISP's black box router "thing" and is bypassing my VPN tunnel. The H flag indicates "Only a single host can be reached through the route." from what I can find. That would correspond with the ISP black box theory. What sort of traffic would be directed to that specific device?
TIA,
Ken
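
Added example, not part of the original post: Linux selects the matching route with the longest prefix (most specific netmask), whatever its position in the table. The Python sketch below applies that rule to the second table above to show which destinations leave via tun0 and which bypass the tunnel. VPN_PEER is a constructed placeholder, because the page shows that host route only as a truncated hostname, and `lookup` and `bypasses_tunnel` are hypothetical helper names.

```python
import ipaddress

# Routes from the second table in the post (VPN connected), netmasks written
# as prefix lengths. The host route's destination appears on the page only as
# a truncated hostname, so VPN_PEER is a constructed placeholder address.
VPN_PEER = "203.0.113.10"
ISP_GW = "nc-71-0-16-1.dh"  # gateway name kept exactly as printed

ROUTES = [
    ("0.0.0.0/1", "10.8.8.1", "tun0"),
    ("0.0.0.0/0", ISP_GW, "p1p2"),
    ("10.8.8.0/24", None, "tun0"),
    ("10.42.0.0/24", None, "enp0s20u1"),
    (VPN_PEER + "/32", ISP_GW, "p1p2"),   # flags UGH: single-host route
    ("71.0.16.0/21", None, "p1p2"),
    ("128.0.0.0/1", "10.8.8.1", "tun0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, iface) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Longest-prefix match: table order plays no part in the decision.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def bypasses_tunnel(dst, tunnel="tun0", lan=("enp0s20u1",)):
    """True when traffic to dst leaves on the WAN NIC instead of the tunnel."""
    iface = lookup(dst)[2]
    return iface != tunnel and iface not in lan


if __name__ == "__main__":
    # Constructed sample destinations covering each kind of route.
    for dst in ("8.8.8.8", "198.51.100.7", VPN_PEER, "71.0.16.50", "10.42.0.5"):
        prefix, gateway, iface = lookup(dst)
        note = "  <-- outside tunnel" if bypasses_tunnel(dst) else ""
        print(f"{dst:15} via {prefix:18} dev {iface}{note}")
```

The two /1 routes on tun0 are more specific than the /0 default, so general Internet traffic enters the tunnel, while the /32 host route and the on-link 71.0.16.0/21 subnet still leave directly on p1p2.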