On Sat, Feb 06, 2021 at 12:18:40PM +0000, James wrote: > I've disabled my VPN on the machine as well as dhclient, connecting via a > fixed static IP address and DNS servers. My routing table is still being > modifed by PID 0 (which I assume to be the kernel) every 30 minutes or so. > Ntpd is also disabled. > > I have also caught my machine communicating to one the of the IPs via TCP > and have a pcap dump from wireshark. No actual data was sent other than a > TCP timestamp. > > > If your default route is a VPN, > > please show how you establish the VPN to be your default route. > > > The default route is established mannually in a script that is run after the > VPN starts. Essentially it does the following: > > route add $VPN_HOST $DEFAULT_GW > > route change default $VPN_HOST > > > I do not belive the VPN to be the cause of this problem. > > > Any tips on debugging the kernel to track the cause of these route changes > would be greatly appreciated. > > > Thanks, >
The kernel uses the routing table to store things like PMTU discovery data and ARP entries, -Otto