Don't route rfc1918 (private network) addresses
With enabled riseup-vpn I tried to connect to a IP on my lan, and realized that private network addresses get routed through the VPN:
❯ mtr -n -r -c 1 10.27.65.137
Start: 2020-10-07T00:24:46+0200
HOST: foo Loss% Snt Last Avg Best Wrst StDev
1.|-- 10.41.0.1 0.0% 1 30.5 30.5 30.5 30.5 0.0
2.|-- 51.158.144.1 0.0% 1 31.7 31.7 31.7 31.7 0.0
3.|-- 51.158.8.172 0.0% 1 30.7 30.7 30.7 30.7 0.0
4.|-- ??? 100.0 1 0.0 0.0 0.0 0.0 0.0
❯ ip a show dev wlp3s0
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether ... brd ff:ff:ff:ff:ff:ff
inet 10.27.13.186/24 brd 10.27.13.255 scope global dynamic noprefixroute wlp3s0
valid_lft 73438sec preferred_lft 73438sec
inet6 fe80::2a93:d3ae:4e0b:4aad/64 scope link noprefixroute
valid_lft forever preferred_lft forever
It doesn't matter if the address has a route set or not, all rfc1918 will get routed via VPN. If this is by design then I'd love to have a config option to op-out and exclude rcf1918 addresses from the VPN.