On Sat, Feb 06, 2021 at 12:18:40PM +0000, James wrote:
> I've disabled my VPN on the machine as well as dhclient, connecting via a
> fixed static IP address and DNS servers. My routing table is still being
> modifed by PID 0 (which I assume to be the kernel) every 30 minutes or so.
> Ntpd is also disabled.
>
> I have also caught my machine communicating to one the of the IPs via TCP
> and have a pcap dump from wireshark. No actual data was sent other than a
> TCP timestamp.
>
> > If your default route is a VPN,
> > please show how you establish the VPN to be your default route.
> >
> The default route is established mannually in a script that is run after the
> VPN starts. Essentially it does the following:
>
> route add $VPN_HOST $DEFAULT_GW
>
> route change default $VPN_HOST
>
>
> I do not belive the VPN to be the cause of this problem.
>
>
> Any tips on debugging the kernel to track the cause of these route changes
> would be greatly appreciated.
>
>
> Thanks,
>
The kernel uses the routing table to store things like PMTU discovery
data and ARP entries,
-Otto
