Client side routing

[Paul Kleissler]

I'm trying to gain access to the internet when dialed
into a remote network via VPN. The remote network blocks
all internet access from the VPN IP address so that no
one can bypass our content filtering box. I am following
KB317025 and in that process I found KB259171. I can get
full access if I manually create the client route, but
how can I automate this? The client IP changes upon every
reconnect. Setting up static IPs for each user sounds
like a headache.

Paul

 

[Amit Padalkar [MSFT]]

If you are using a Connection Manager (CM) profile to establish connection,
then you can do this automatically.

First create simple command (.cmd) file that contains "route add NETID mask
MASK %1" (Replace NETID & MASK appropriately). e.g.routeadd.cmd
Then create CM profile. You will need Connection manager administration kit
(CMAK) for creating CM profile. During profile creation, enable VPN support.
In VPN and Dialup Networking Entries pages of CMAK wizard, uncheck "Make
this connection client's default gateway"
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/dep
loyguide/dnsbg_rac_2_jlgd.asp). On "Custom Actions" page of CMAK, add "Post
connect" action, with "routeadd.cmd" as file and "%ClientIPAddress%" as
parameter. Complete profile creation and install that profile on your
computer. When you connect with this profile, route will get added
automatically after connection is established.

More information about CMAK can be found at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_CMAKtopnode.asp
More information about post connect actions can be found at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/cmak_ops_44.asp
More information about CM profile creation can be found at:
http://www.microsoft.com/technet/tr...3/proddocs/deployguide/DNSBG_RAC_OVERVIEW.asp

Also take a look at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg1003.asp
for alternative ways of achieving split tunneling.

 

[Paul Kleissler]

Thanks,

But I'm having trouble getting the %ClientIPAddress% to
pass to the cmd script. I added a pause to the end of my
script so I can see what happens when it runs and I see
that it is replacing the %1 in my script with %
ClientIPAddress% instead of the actual IP address. I'm
testing this on an XP Pro machine, and the sever is Win2K
standard.

Paul

-----Original Message-----
If you are using a Connection Manager (CM) profile to establish connection,
then you can do this automatically.

First create simple command (.cmd) file that contains "route add NETID mask
MASK %1" (Replace NETID & MASK appropriately). e.g.routeadd.cmd
Then create CM profile. You will need Connection manager administration kit
(CMAK) for creating CM profile. During profile creation, enable VPN support.
In VPN and Dialup Networking Entries pages of CMAK wizard, uncheck "Make
this connection client's default gateway"
(http://www.microsoft.com/technet/prodtechnol/windowsserve
r2003/proddocs/dep
loyguide/dnsbg_rac_2_jlgd.asp). On "Custom Actions" page of CMAK, add "Post
connect" action, with "routeadd.cmd" as file and "% ClientIPAddress%" as
parameter. Complete profile creation and install that profile on your
computer. When you connect with this profile, route will get added
automatically after connection is established.

More information about CMAK can be found at:
http://www.microsoft.com/technet/prodtechnol/windowsserve r2003/proddocs/standard/sag_CMAKtopnode.asp
More information about post connect actions can be found at:
r2003/proddocs/standard/cmak_ops_44.asp
More information about CM profile creation can be found at:
url=/technet/prodtechnol/windowsserver2003/proddocs/deploy
guide/DNSBG_RAC_OVERVIEW.asp

Also take a look at
http://www.microsoft.com/technet/treeview/default.asp? url=/technet/columns/cableguy/cg1003.asp
for alternative ways of achieving split tunneling.

realities.com> wrote in message