connectivity check incorrectly using VPN interface
I have NM configured with a VPN to another site. I do not have that site selected to be the default route for the machine however. Only traffic for that remote network should be (and is) sent over the VPN connection.
Except the "connectivity check" pings. Despite my default route being through the regular Ethernet interface, NM is sending the connectivity check pings through the VPN interface.
Using NM version 1.20.8[-1.fc31.x86_64] on Fedora 31.
# nmcli c s example.com
connection.id: example.com
connection.uuid: a7b8f3f1-5cbe-48a1-8a11-5c7274c84b93
connection.stable-id: --
connection.type: vpn
connection.interface-name: --
connection.autoconnect: no
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1575291078
connection.read-only: no
connection.permissions: --
connection.zone: example_vpn
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: no
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.wait-device-timeout: -1
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: yes
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: yes
ipv6.may-fail: yes
ipv6.ip6-privacy: 0 (disabled)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-duid: --
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
vpn.service-type: org.freedesktop.NetworkManager.openvpn
vpn.user-name: --
vpn.data: ca = /etc/openvpn/ca.crt, cipher = AES-256-CBC, comp-lzo = adaptive, connection-type = password, keysize = 256, password-flags = 0, remote = openvpn.example.com, username = vpn_client
vpn.secrets: <hidden>
vpn.persistent: no
vpn.timeout: 0
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
GENERAL.NAME: example.com
GENERAL.UUID: a7b8f3f1-5cbe-48a1-8a11-5c7274c84b93
GENERAL.DEVICES: enp2s0
GENERAL.STATE: activated
GENERAL.DEFAULT: no
GENERAL.DEFAULT6: no
GENERAL.SPEC-OBJECT: /org/freedesktop/NetworkManager/ActiveConnection/1
GENERAL.VPN: yes
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/62
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/3
GENERAL.ZONE: example_vpn
GENERAL.MASTER-PATH: /org/freedesktop/NetworkManager/Devices/2
IP4.ADDRESS[1]: 10.8.0.2/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 10.75.22.0/24, nh = 10.8.0.1, mt = 50
IP4.ROUTE[2]: dst = 10.8.0.0/24, nh = 0.0.0.0, mt = 50
IP4.DNS[1]: 10.75.22.247
IP4.DOMAIN[1]: example.com
IP6.ADDRESS[1]: fd8c:5604:c29c:c562::1000/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = 2001:123:ab:123::/64, nh = fd8c:5604:c29c:c562::1, mt = 50
IP6.ROUTE[2]: dst = fd31:aeb1:48df::/64, nh = fd8c:5604:c29c:c562::1, mt = 50
IP6.ROUTE[3]: dst = fd8c:5604:c29c:c562::1000/128, nh = ::, mt = 50
IP6.ROUTE[4]: dst = fd8c:5604:c29c:c562::1/128, nh = ::, mt = 50
IP6.DOMAIN[1]: example.com
VPN.TYPE: openvpn
VPN.USERNAME: vpn_client
VPN.GATEWAY: openvpn.example.com
VPN.BANNER: --
VPN.VPN-STATE: 5 - VPN connected
VPN.CFG[1]: ca = /etc/openvpn/ca.crt
VPN.CFG[2]: cipher = AES-256-CBC
VPN.CFG[3]: comp-lzo = adaptive
VPN.CFG[4]: connection-type = password
VPN.CFG[5]: keysize = 256
VPN.CFG[6]: password-flags = 0
VPN.CFG[7]: remote = openvpn.example.com
VPN.CFG[8]: username = vpn_client