I have two default entries in my route table

Question

After connecting to my OpenVPN server, I see my routing table as:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.199.1.5      128.0.0.0       UG        0 0          0 tun0
default         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s3
10.199.1.1      10.199.1.5      255.255.255.255 UGH       0 0          0 tun0
10.199.1.5      *               255.255.255.255 UH        0 0          0 tun0
104.156.228.133 192.168.1.1     255.255.255.255 UGH       0 0          0 enp0s3
128.0.0.0       10.199.1.5      128.0.0.0       UG        0 0          0 tun0
192.168.1.0     *               255.255.255.0   U         0 0          0 enp0s3

I'm confused with the two default entries and how to interpret it.

With a normal IP, the Genmask bitwise-AND with the destination to determine which entry matches. But how does Genmask work with "default"?

In the example above, what packets would get sent to 10.199.1.5 and what gets sent to 192.168.1.1?

I'm trying to fwmark packets intended for port 22 (SSH) and then force the default route for those packets to my default router rather than my VPN. But I'd also like to understand the routing table fully before messing with it.

Answer 1

default ist just an alias for 0.0.0.0. You can see that if you enter

$ route -n

If I edit that in your table and shuffle the entries around a bit it looks like that:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.199.1.5      128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.199.1.5      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s3
10.199.1.1      10.199.1.5      255.255.255.255 UGH       0 0          0 tun0
10.199.1.5      *               255.255.255.255 UH        0 0          0 tun0
104.156.228.133 192.168.1.1     255.255.255.255 UGH       0 0          0 enp0s3
192.168.1.0     *               255.255.255.0   U         0 0          0 enp0s3

Aha! So now you have 0.0.0.0 with a netmask of 128.0.0.0, and also 128.0.0.0 with a netmask of 128.0.0.0. Those two together map the entire internet. But as the netmask 128.0.0.0 is more specific than 0.0.0.0 they take precedence over the 'standard' default route.

Ergo all traffic is forwarded towards tun0 (a full tunnel) with the exception of 104.156.228.133 (VPN endpoint) and 192.168.1.0/24 (your local network).

This is a neat trick OpenVPN uses to override the default gateway without actually changing it.

Answer 2

Only packets that are using the tun0 interface will use the default gateway of 192.168.1.1. This behavior can be modified by changing the "weights" of the different routes. See https://unix.stackexchange.com/questions/23820/what-is-the-routing-behaviour-when-two-or-more-default-routes for more information.