Question : Setting Static Routes on Windows VPN Client

I have a Windows 2003 AD Network split into two subnets - 192.168.0.x and 192.168.1.x.

On the 192.168.1.x network we have a Draytek Vigor 3300V acting as a VPN Router at 192.168.1.1.

VPN users access the VPN using the standard Windows VPN Client. DHCP gives out IP addresses in the range of 192.168.1.225-250 to new VPN connections.

With the TCP/IP option "Use Default Gateway on Remote Network" turned on, browsing all remote services on both the 192.168.0.x and 192.168.1.x subnets is fine - but of course all Internet traffic is pushed down the VPN route, rather than locally. This is not desirable.

If "Use Default Gateway on Remote Network" is turned off, the end-user can only browse services on the 192.168.1.x subnet, and can't reach the 192.168.0.x subnet.

I've been unable to find a way to use the Windows ROUTE command to add a static route to the 1.x subnet as the IP address of the VPN gateway changes each time the user logs on. It might be 192.168.1.225, next time .226 or .230 - depending on the number of users logged onto the VPN before them.

Can anyone offer any advice as to the best way to set up a Static Route so that 192.168.0.x traffic is routed down the VPN client, but Internet traffic is not?

Regards,

Richard Tubb.

Answer : Setting Static Routes on Windows VPN Client

OK, I found a solution for this. It's kinda messy to set up, but it works fine once it's set up, and you don't have to assign a static IP to each VPN user.

Make 2 batch files (I chose to put them in the root of each user's remote machine so they run the fastest).
The 1st batch file, called adder.bat, has one line in it for each route that you want to add. I needed to add 4 routes, so mine looks like this.

route add 192.168.71.0 MASK 255.255.255.0 %2
route add 10.10.101.0 MASK 255.255.255.0 %2
route add 10.10.102.0 MASK 255.255.255.0 %2
route add 192.168.2.0 MASK 255.255.255.0 %2

Make another Batch file called fixroute.bat that has this in it:

route DELETE 192.168.71.0
route delete 192.168.2.0
route delete 10.10.101.0
route delete 10.10.102.0
route print 192.195.100.0 | find "192.195.100.0" > c:\tempIP.bat
c:\FR.exe c:\tempIP.bat "192.195.100.0" "c:\adder.bat" /O /P
c:\tempip.bat

The 4 route delete statements are to clear out any old routes in preparation for adding the correct ones. The route print statement basically just dumps the route statement that gets created from the VPN, so you have the latest assigned IP that the VPN client setup dumped to the tempip.bat file. In my case our primary network that they VPN into is 192.195.100.0, so that is what I print and then subsequently search for with the find statement.

The FR.EXE line runs a utility program that I have that searches and replaces a string of text within a given text file and replaces with another. You will have to find your own fr.exe program. It's not very expensive though and very handy.

The last line then runs the created .bat file that subsequently calls the adder.bat with the correct command line parameters to add the routes.

Basically I copy the 3 files to root of their C drive (Adder.bat, fixroute.bat and fr.exe) and then make a desktop shortcut called "Fix routing Table" that points to fixroute.bat that the users know to run right after they get the VPN connected. If they bring their laptop back into the office and connect locally they also need to run it again to clear out the (then unneeded) static routes.

There is probably a much smoother way of doing this with a VBscript, but I use what I know.

Dan Espich
IT Administrator
Petroleum Traders
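
The procedure above can also be done in a single batch file that reads the VPN-assigned gateway straight from `route print`, so no third-party FR.exe and no generated tempIP.bat is executed from the root of C:. This is an added example, not part of the original answer; the file name vpnroutes.bat is hypothetical, the networks are the ones used in the answer, and it assumes the `route print` column order the answer relies on (destination, netmask, gateway, interface, metric).

```batch
@echo off
rem vpnroutes.bat (hypothetical name): combines fixroute.bat and adder.bat.
setlocal
rem Network the VPN connects into, as in the answer.
set VPNNET=192.195.100.0
set GW=

rem Token 1 of the matching row is the destination, token 3 the gateway
rem that the VPN connection was given for this session.
for /f "tokens=1,3" %%a in ('route print %VPNNET% ^| find "%VPNNET%"') do (
    if "%%a"=="%VPNNET%" set GW=%%b
)

rem Always clear stale routes first; this is also all that is needed
rem when the laptop is back on the office LAN.
for %%n in (192.168.71.0 10.10.101.0 10.10.102.0 192.168.2.0) do route delete %%n >nul 2>&1

if not defined GW (
    echo No route to %VPNNET% found - VPN not connected, static routes removed.
    exit /b 1
)

rem Newer Windows versions print "On-link" instead of an address in the
rem gateway column; that is not usable as a next hop, so stop here.
if /i "%GW%"=="On-link" (
    echo Gateway column shows On-link, cannot derive a next hop from it.
    exit /b 2
)

for %%n in (192.168.71.0 10.10.101.0 10.10.102.0 192.168.2.0) do (
    route add %%n MASK 255.255.255.0 %GW%
)
endlocal
```

Run it after the VPN connects, the same way as the "Fix routing Table" shortcut; the non-zero exit codes let a wrapper or logon script tell "VPN not up" apart from success.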