Possible to remove certain routing table entry after disconnect?

[hayburner]

Hi guys,

Great app. I've been running into an issue that I've only just figured out. I have an OpenVPN server running on my home network, and when I connect to it with Tunnelblick, everything works great. I then disconnect. Afterward, if I change wireless networks, I can no longer ping my home network. I've traced this issue down to a routing table entry that gets left after Tunnelblick disconnects.

Example: I am at school and after a fresh computer boot, I connect to a wireless network. I connect to my home OpenVPN server with Tunnelblick. 

$ netstat -nr
Destination                   Gateway
....
[home-ip]/32                 [school-router-ip-i-think] ....
....

I disconnect from the server. I change wireless networks.

$ netstat -nr
Destination                   Gateway
...
[home-ip]/32                 [school-router-ip-i-think] ...
...
$ ping [home-ip]
PING [home-ip]: 56 data bytes
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable
Request timeout for icmp_seq 0
...

I can't under any circumstances connect to my home network (VPN, ping, anything) after this happens. If I then just delete the route:

$ sudo route -n delete [home-ip]
delete net [home-ip]
$ ping [home-ip]
PING [home-ip]: 56 data bytes
64 bytes from [home-ip]: icmp_seq=1 ttl=56 time=13.111 ms
64 bytes from [home-ip]: icmp_seq=1 ttl=56 time=13.111 ms
64 bytes from [home-ip]: icmp_seq=1 ttl=56 time=13.111 ms

It works fine.

I don't notice this happening when I connect and disconnect from a commercial VPN. Why does a route get left behind when I connect/disconnect from my home OpenVPN server? Is it possible to add a line to the disconnect script so that this gets removed?

Thanks for your help!

[jkbull...gmail.com]

Try enabling "Reset the primary interface after disconnecting" on the "Advanced" settings page.

Otherwise, a "post-disconnect.sh" script in the .tblk should work. See Using Scripts.

Usually problems like this are because of an error or errors in the OpenVPN configuration, either in your computer's or in something being pushed from the OpenVPN server. If not, then it is some kind of OpenVPN error; Tunnelblick has nothing to do with routing – it leaves that to OpenVPN.

[sean....@gmail.com]

"Reset primary interface" was already enabled during most of these tests, so there might be something wrong with my OpenVPN server/client configs...

Ohhh. I did not realize that Using Scripts was referring to enduser-configurable bash scripts. I definitely looked at that page while trying to figure this out, but it wasn't clear that these were scripts contained in the configuration files for each individual VPN. I went into the Tunnelblick app package trying to find them...

Anyway, maybe a link to Configuration File Locations under the Tunnelblick VPN Configuration Scripts header would make it clearer that these are pretty easily configurable. Everything is now working great.

Thanks for the reply!

-Sean

[jkbull...gmail.com]

Thanks for the suggestion. I have made changes to both Using Scripts and Configuration File Locations to try to clarify this. (I hope, anyway : )