openvpn client keeps overwriting default gateway

Started by mjoellnar, November 21, 2017, 11:11:45 PM

Greetings,

I've been using OPNsense for a few weeks now (privately) and am pretty amazed by its features and flexibility.
So far I have a working setup with a bng connection, openvpn-server, dyndns, nginx as a reverse proxy.

The only trouble I have is when I try to use openvpn-client on the box to connect to other networks.
I'd like to connect to a remote /16 as well as a remote /24 network and only tunnel that specific traffic through the interface (ovpnc2 in my case). When I reboot OPNsense it works pretty much as expected, but as soon as I reconnect the tunnel (changing config or something like that) I end up with the tunnel as the interface for my default gateway.


Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            link#10            U        ovpnc2
dns.quad9.net      62.155.242.164     UGHS     pppoe0
62.155.242.164     link#13            UH       pppoe0
fw01               link#13            UHS         lo0
localhost          link#6             UH          lo0
192.168.1.0/24     link#14            U       bridge0
fw01               link#14            UHS         lo0
192.168.2.0/24     link#3             U          igb2
fw01               link#3             UHS         lo0
192.168.4.0/24     link#9             U        ovpns1
fw01               link#9             UHS         lo0


It seems like the checkboxes "Don't pull routes" and "Don't add/remove routes" in the vpn / Clients config get ignored.
I've also tried to add "route-nopull" as well as "route x.x.0.0/16" to the Advanced configuration, but still the same result as shown above.

Further information:
I'm on OPNsense 17.7.7
And the log shows these related messages:

Nov 21 21:30:48 fw01 openvpn[482]: PUSH: Received control message: 'PUSH_REPLY,route x.x.0.0 255.255.0.0,dhcp-option DNS x.x.x.1,route-gateway x.x.x.1,ping 10,ping-restart 120,ifconfig x.x.x.132 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: route-related options modified


So, could someone please help me to find my mistake and give me a hint how to keep my default route untouched when openvpn-client starts?

Best regards!
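
Added example, not part of the original post and not OPNsense code: a small check that reads a routing table in the `netstat -rn` layout shown above and reports any catch-all route that does not leave via the expected WAN interface. It goes beyond the post by also catching the `0.0.0.0/1` and `128.0.0.0/1` pair that OpenVPN's `redirect-gateway def1` installs. The function names are hypothetical, and `pppoe0` as the WAN interface is taken from the table in the post.

```shell
#!/bin/sh
# Added example: flag default (or default-covering) routes on an unexpected
# interface. Assumed input: FreeBSD `netstat -rn -f inet` columns
# Destination Gateway Flags Netif [Expire], as in the table in the post.

# Constructed sample: the post's routing table, trimmed to a few rows.
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            link#10            U        ovpnc2
62.155.242.164     link#13            UH       pppoe0
192.168.1.0/24     link#14            U       bridge0
192.168.4.0/24     link#9             U        ovpns1'

# route_offenders WAN_IF
# Reads a routing table on stdin and prints "destination netif" for every
# catch-all route whose Netif is not WAN_IF. Prints "none -" when the table
# has no catch-all route at all, which is also worth an alert.
route_offenders() {
    awk -v wan="$1" '
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            seen = 1
            if ($4 != wan) print $1, $4
        }
        END { if (!seen) print "none -" }
    '
}

# check_default_route WAN_IF
# Returns 0 when every catch-all route uses WAN_IF, 1 otherwise.
check_default_route() {
    offenders=$(route_offenders "$1")
    [ -z "$offenders" ] && return 0
    echo "unexpected catch-all route(s): $offenders" >&2
    return 1
}

# Demo on the constructed sample; on the firewall the input would be
#   netstat -rn -f inet | check_default_route pppoe0
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route pppoe0 \
    || echo "sample table: default route is not on pppoe0"
```

Run from cron or after each tunnel reconnect, the non-zero exit status can drive a log entry or alert when the default route has moved onto the tunnel.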