I've disabled my VPN on the machine as well as dhclient, connecting via
a fixed static IP address and DNS servers. My routing table is still
being modifed by PID 0 (which I assume to be the kernel) every 30
minutes or so. Ntpd is also disabled.
I have also caught my machine communicating to one the of the IPs via
TCP and have a pcap dump from wireshark. No actual data was sent other
than a TCP timestamp.
If your default route is a VPN,
please show how you establish the VPN to be your default route.
The default route is established mannually in a script that is run after
the VPN starts. Essentially it does the following:
route add $VPN_HOST $DEFAULT_GW
route change default $VPN_HOST
I do not belive the VPN to be the cause of this problem.
Any tips on debugging the kernel to track the cause of these route
changes would be greatly appreciated.
Thanks,
