John A. Sullivan III | 28 Aug 19:57 2010

Re: 128.0.0.0/1 route

On Sat, 2010-08-28 at 19:36 +0200, Oliver Kindernay wrote:
> Hi list!
> 
> I am tunneling all my traffic through openvpn tunnel. Server
> configuration looks like this:
> 
> server 172.16.0.0 255.255.255.0
> push "redirect-gateway def1"
> 
> I am sending just relevant sections no whole configuration file. It
> works fine, this is how routing table on client looks like
> 
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 94.2X9.3X.1X3   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
> 172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tap0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         172.16.0.1      128.0.0.0       UG    0      0        0 tap0
> 128.0.0.0       172.16.0.1      128.0.0.0       UG    0      0        0 tap0
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
> 
> or if you like output from ip command more (I do)
> 
> 94.2X9.3X.1X3 via 192.168.1.1 dev eth0
> 172.16.0.0/24 dev tap0  proto kernel  scope link  src 172.16.0.2
> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.11  metric 202
> 127.0.0.0/8 dev lo  scope link
> 0.0.0.0/1 via 172.16.0.1 dev tap0
> 128.0.0.0/1 via 172.16.0.1 dev tap0
> default via 192.168.1.1 dev eth0  metric 202
> 
> What confused me is 128.0.0.0/1 entry. Why is it here? That's a mystery for me.
> 
> Thank you for explaining :)
<snip>
As far as I understand, it is a pretty clever way of replacing your
default route without replacing the original default route.  Between
0.0.0.0/128.0.0.0 and 128.0.0.0/128.0.0.0, one covers all possible
addresses.  Since these are more specific routes than 0.0.0.0/0.0.0.0,
they take precedence.  When OVPN is finished, it deletes these entries
and now 0.0.0.0/0.0.0.0 handles default routing - John

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d

Gmane