
I have an issue with my VPN. It is connecting perfectly fine. I added /etc/openvpn/update-systemd-resolved to the VPN profile provided by my company.

The problem comes when I shut down the connection. In the output I see an error message:

2024-01-19 09:03:19 us=134616 sitnl_send: rtnl: generic error (-3): No such process>
2024-01-19 09:03:19 us=134629 ERROR: Linux route delete command failed

As a result, all IP routes set up by the VPN are still there.

My OpenVPN profile is:

client
dev tun
proto tcp
verify-x509-name "C=DE, ST=Rheinland-Pfalz, L=Kaiserslautern, O=WIPOTEC GmbH, OU=OU, CN=SophosApplianceCertificate_X650044Y4CQBH3A, [email protected]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
</ certificates hidden />
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
;can_save no
;otp no
;run_logon_script no
;auto_connect 
route-delay 4
verb 3
reneg-sec 0
remote vpn.wipotec.com 1194
script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre

I am running OpenVPN on Ubuntu 22.04:

% openvpn --version                                                                                                                      :( 130 24-01-19 - 9:03:25
OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=yes with_sysroot=no

Right now, I need to manually remove the IP routes with:

sudo ip route del <route entry>

Any thoughts and help are highly appreciated.

The entire log:

2024-01-19 09:20:02 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-01-19 09:20:02 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2024-01-19 09:20:02 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-01-19 09:20:02 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: xxxxxxxxxx
🔐 Enter Auth Password: ********************    
2024-01-19 09:20:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-01-19 09:20:12 TCP/UDP: Preserving recently used remote address: [AF_INET]212.43.72.200:1194
2024-01-19 09:20:12 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-01-19 09:20:12 Attempting to establish TCP connection with [AF_INET]212.43.72.200:1194 [nonblock]
2024-01-19 09:20:12 TCP connection established with [AF_INET]212.43.72.200:1194
2024-01-19 09:20:12 TCP_CLIENT link local: (not bound)
2024-01-19 09:20:12 TCP_CLIENT link remote: [AF_INET]212.43.72.200:1194
2024-01-19 09:20:12 TLS: Initial packet from [AF_INET]212.43.72.200:1194, sid=66d48187 6cc195fe
2024-01-19 09:20:12 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-01-19 09:20:12 VERIFY OK: depth=1, C=DE, xxxxxxxxxxxxx
2024-01-19 09:20:12 VERIFY X509NAME OK: C=DE, xxxxxxxxxxxxx 
2024-01-19 09:20:12 VERIFY OK: depth=0, C=DE, xxxxxxxxxxxxx
2024-01-19 09:20:12 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2024-01-19 09:20:12 [SophosApplianceCertificate_X650044Y4CQBH3A] Peer Connection Initiated with [AF_INET]212.43.72.200:1194
2024-01-19 09:20:13 SENT CONTROL [SophosApplianceCertificate_X650044Y4CQBH3A]: 'PUSH_REQUEST' (status=1)
2024-01-19 09:20:13 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.30.251.193,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 172.18.87.12 255.255.255.255,route 172.18.83.0 255.255.255.0,route 172.18.85.0 255.255.255.0,route 172.18.87.0 255.255.255.0,route 172.18.88.0 255.255.255.0,route 172.18.81.13 255.255.255.255,route 172.18.81.14 255.255.255.255,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 172.18.81.13,dhcp-option DNS 172.18.81.14,dhcp-option DOMAIN intern.wipotec.de,ifconfig 172.30.251.195 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-01-19 09:20:13 OPTIONS IMPORT: timers and/or timeouts modified
2024-01-19 09:20:13 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2024-01-19 09:20:13 Socket Buffers: R=[131072->131072] S=[87040->87040]
2024-01-19 09:20:13 OPTIONS IMPORT: --ifconfig/up options modified
2024-01-19 09:20:13 OPTIONS IMPORT: route options modified
2024-01-19 09:20:13 OPTIONS IMPORT: route-related options modified
2024-01-19 09:20:13 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-01-19 09:20:13 OPTIONS IMPORT: peer-id set
2024-01-19 09:20:13 OPTIONS IMPORT: adjusting link_mtu to 1627
2024-01-19 09:20:13 OPTIONS IMPORT: data channel crypto options modified
2024-01-19 09:20:13 Data Channel: using negotiated cipher 'AES-256-GCM'
2024-01-19 09:20:13 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-01-19 09:20:13 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-01-19 09:20:13 net_route_v4_best_gw query: dst 0.0.0.0
2024-01-19 09:20:13 net_route_v4_best_gw result: via 192.168.40.1 dev wlp0s20f3
2024-01-19 09:20:13 ROUTE_GATEWAY 192.168.40.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=14:75:5b:37:03:c0
2024-01-19 09:20:13 TUN/TAP device tun0 opened
2024-01-19 09:20:13 net_iface_mtu_set: mtu 1500 for tun0
2024-01-19 09:20:13 net_iface_up: set tun0 up
2024-01-19 09:20:13 net_addr_v4_add: 172.30.251.195/24 dev tun0
2024-01-19 09:20:13 /etc/openvpn/update-systemd-resolved tun0 1500 1555 172.30.251.195 255.255.255.0 init
<14>Jan 19 09:20:13 update-systemd-resolved: Link 'tun0' coming up
<14>Jan 19 09:20:13 update-systemd-resolved: Adding IPv4 DNS Server 172.18.81.13
<14>Jan 19 09:20:13 update-systemd-resolved: Adding IPv4 DNS Server 172.18.81.14
<14>Jan 19 09:20:13 update-systemd-resolved: Adding DNS Domain intern.wipotec.de
<14>Jan 19 09:20:13 update-systemd-resolved: SetLinkDNS(10 2 2 4 172 18 81 13 2 4 172 18 81 14)
<14>Jan 19 09:20:13 update-systemd-resolved: SetLinkDomains(10 1 intern.wipotec.de false)
2024-01-19 09:20:17 net_route_v4_add: 212.43.72.200/32 via 192.168.40.1 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.87.12/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.83.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.85.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.87.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.88.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.81.13/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 172.18.81.14/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 net_route_v4_add: 212.43.72.200/32 via 192.168.40.1 dev [NULL] table 0 metric -1
2024-01-19 09:20:17 Initialization Sequence Completed
^C2024-01-19 09:20:25 event_wait : Interrupted system call (code=4)
2024-01-19 09:20:25 net_route_v4_del: 212.43.72.200/32 via 192.168.40.1 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.87.12/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.83.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.85.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.87.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.88.0/24 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.81.13/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 172.18.81.14/32 via 172.30.251.193 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 net_route_v4_del: 212.43.72.200/32 via 192.168.40.1 dev [NULL] table 0 metric -1
2024-01-19 09:20:25 sitnl_send: rtnl: generic error (-3): No such process
2024-01-19 09:20:25 ERROR: Linux route delete command failed
2024-01-19 09:20:25 /etc/openvpn/update-systemd-resolved tun0 1500 1555 172.30.251.195 255.255.255.0 init
<14>Jan 19 09:20:25 update-systemd-resolved: Link 'tun0' going down
2024-01-19 09:20:25 Closing TUN/TAP interface
2024-01-19 09:20:25 net_addr_v4_del: 172.30.251.195 dev tun0
2024-01-19 09:20:25 SIGINT[hard,] received, process exiting
