One other thing I meant to include, is the two /1 routes (mask 128.0.0.0) forces the machine to speak using the 44-net address (44.136.33.1) as a source, rather than the public IP assigned by Vultr (149.28.162.1). The two /1 routes override the default route, because the mask is longer. Without those two /1 routes, the default route will use 149.28.162.1 as its source. All the clients use the vultr assigned address (149.28.162.1) as the destination for their tunnel.
-Dave K9DC Indianapolis
On Nov 23, 2020, at 09:37, Dave Gingrich via 44Net 44net@mailman.ampr.org wrote:
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface44.136.33.0 149.28.162.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3 44.136.33.2 0.0.0.0 255.255.255.0 UG 0 0 0 tun0 44.136.33.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3 44.136.33.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 0.0.0.0 44.136.33.1 128.0.0.0 UG 0 0 0 ens3 128.0.0.0 44.136.33.1 128.0.0.0 UG 0 0 0 ens3 0.0.0.0 149.28.162.1 0.0.0.0 UG 0 0 0 ens3 169.254.169.254 149.28.162.1 255.255.255.255 UGH 0 0 0 ens3