affordableCebu
Home » Questions » Computers [ Ask a new question ]

How can I make the Windows VPN route selective traffic (by destination network)?

How can I make the Windows VPN route selective traffic (by destination network)?

I want to use a Windows VPN but only for a particular network, so that it doesn't take over my entire network connection.

Asked by: Guest | Views: 363
Total answers/comments: 5
bert [Entry]

"You can turn off taking over your entire connection by going to the properties of the VPN, Networking tab, Internet Protocol (TCP/IP) properties, Advanced, untick Use default gateway on remote network. This may or may not leave a route to 192.168.123.0/24 depending on the VPN server's setup. If it doesn't, you'll have to manually add the route each time, although you could put it in a batch file.

In order to manually add the route, run (as administrator):

route -p add 192.168.0.12 mask 255.255.255.255 10.100.100.254

This example will make a persistent (it's not necessary to run the command after a reboot) route to the IP 192.168.0.12 through the VPN gateway 10.100.100.254.

More about this at http://technet.microsoft.com/en-us/library/bb878117.aspx"
bert [Entry]

"I successfully used @TRS-80's technique to achieve this.

I work from home and have to VPN onto the corporate network for my email (I hate webmail!!).

At the same time, I need to be constantly surfing for info and also need youtube for my background music... Now you definitely don't want to stream youtube off a VPN since that makes it sound like a Robot Singing!!! :)

All I did was follow @TRS-80:

properties of the VPN, Networking tab, ""Internet Protocol (TCP/IP)""
properties, Advanced, untick ""Use default gateway on remote network""

and then did my own:

under DNS tab, tick ""register this connections addresses in DNS""

All works seamlessly!"
bert [Entry]

"I found that it needed to directly point interface in route command. Without it, Windows going to use main network card interface, instead of VPN. In my case, it looks like

route -p add 192.168.10.187 mask 255.255.255.255 0.0.0.0 IF 26
:: ^destination ^mask ^gateway ^interface

note the 'IF 26'."
bert [Entry]

if you have both IPV4 and IPV6 you have to uncheck the "Use default gateway on remote network" in both places, even if you only use IPV4
bert [Entry]

"If you use the CMAK and setup a routing file that the client can download... windows will download the routing file & adjust routes as appropriate. There are options to remove the default route... and add various static routes & such. This is known as a split-tunnel btw.

There is a good how-to here: http://blogs.technet.com/b/rrasblog/archive/2007/06/11/split-tunnelling-using-cmak.aspx"