Dear All!

We have a very interesting problem!
VPN client running on Mikrotik router picks up 128.0.0.0/1 route after connection. (thus half the internet becomes inaccessible)

/ip route/print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, v - VPN
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAv 0.0.0.0/0 ISP 1
DAc 128.0.0.0/1 ovpn-office 0
DAc 10.0.108.0/24 LAN 0
DAc 10.0.0.1/32 ISP 0
DAv 172.31.112.1/32 ovpn-office 1

redirect-gateway is not configured on the server side.
Why are you taking this route?

Router settings:
/interface ovpn-client
add auth=sha256 certificate=full.pem_0 cipher=aes256-cbc connect-to=x.x.x.x mac-address=x:x:x:… max-mtu=1492 name=ovpn-office port=11196 use-peer-dns=no user=aaaa

0 RH name=“ovpn-office” mac-address=x:x:x:… max-mtu=1492 connect-to=x.x.x.1 port=11196 mode=ip protocol=tcp user=“aaaa” password=“” profile=default certificate=full.pem_0 verify-server-certificate=no
tls-version=any auth=sha256 cipher=aes256-cbc use-peer-dns=no add-default-route=no route-nopull=no



Router info:
installed-version: 7.17

routerboard: yes
board-name: hAP ac^3
model: RBD53iG-5HacD2HnD
serial-number: HDA084ADPNY
firmware-type: ipq4000
factory-firmware: 7.5
current-firmware: 7.17
upgrade-firmware: 7.17

the flag is c - CONNECT.

what is the output of ip/address/pr ?

Yes!
I see what's wrong here...

/ip address/print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE

ADDRESS NETWORK INTERFACE

0 10.0.108.1/24 10.0.108.0 LAN
1 D x.x.x.x/32 10.0.0.1 ISP
2 D 172.31.112.13/1 128.0.0.0 ovpn-office

server side fix-ip config for ovpn-key:
ifconfig-push 172.31.112.13 172.31.112.14

I fixed it and routing is fine. (mask: 255.255.255.0)
According to this, in case of an "incorrect mask", it does not stop, but takes an incorrect route.

Thx!