How to ADD Static Route on a VPN


Mike

Hello,
Here is what I have:
1. RRAS server running on WIN2K configured for VPN (PPTP)
inbound connection.
2. The win2k server IP is: 192.168.0.12 MASK 255.255.255.0
3. The VPN server is configured to give static IPs from
192.168.0.190 to 192.168.0.194. Now 192.168.0.190 becomes
the Server IP, and clients get the one that is available.
4. On my gateway, which is 192.168.0.1, I have other LANs
connected as well. Network 192.168.1.0 and 192.168.2.0.

This is what I want:
When someone connects on the VPN tunnel, they can only
ping the 192.168.0.0 network.
How can I make the VPN connection automatically establish
routes to the other two networks? I can do that by adding the
route manually on the client machine, but I want this
done AUTOMATICALLY.

I have tried adding static routes in the IP ROUTING
table, and also in the ACTIVE DIRECTORY user's DIALIN
tab. Doesn't work.

Can anyone help please?
 
Add a static route in the Routing and Remote Access service that will send
the traffic to the next hop inbound router. That router has to know where
everything is internally and how to get back to the VPN server. Assume you
want the entire 192.168 network allowed:

192.168.0.0 255.255.0.0 -> routerIP

A route like this will send all traffic destined for 192.168.xxx.xxx at the
router and the router would send it back to the VPN server.

Ray
 
There are really two things to consider here. What the VPN server does
and also what the remote client does.

By default, the client will send all traffic to the VPN server. But if
you clear the "use default gateway.." box in the connection's properties,
this won't happen. If you have done this, only 192.168.0 traffic will be
coming over the VPN link. Adding routes is hard, because the gateway you
need to use doesn't exist until the connection is made. You need a script
which can find out what the received IP for the connection is, then plug
that value into a route add command.

If you have not altered that, you should be able to see the other
subnets without any extra routing. The VPN server acts as a proxy for the
remote client, so the remote client should be able to get to any subnet the
server can reach. Personally I never trust it to do so. I put the remotes in
their own subnet and route the traffic through the VPN server as if it was a
simple IP router.
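
The client-side script the reply above describes, written in PowerShell as an added example (not code from the thread): it reads the address the VPN connection received and plugs it into `route add` for the two extra subnets from the question. The connection name `Office VPN`, the sample `ipconfig` text and the helper `Get-VpnAddress` are assumptions made for illustration.

```powershell
# Added example: turn the VPN-assigned address into "route add" commands.
# Assumes English ipconfig output; 'Office VPN' is a hypothetical connection name.
param(
    [string]$ConnectionName = 'Office VPN',
    [switch]$Apply   # without -Apply the script only prints, using the sample below
)

# The two subnets behind the gateway, from the question above.
$RemoteNets = @(
    @{ Net = '192.168.1.0'; Mask = '255.255.255.0' },
    @{ Net = '192.168.2.0'; Mask = '255.255.255.0' }
)

# Constructed sample of ipconfig output (not captured from a real host).
$Sample = @'
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.0.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1

PPP adapter Office VPN:

   IP Address. . . . . . . . . . . . : 192.168.0.191
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
'@

# Return the IPv4 address listed under the named adapter section, or $null.
function Get-VpnAddress([string[]]$Lines, [string]$Name) {
    $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match '^\S.*adapter (.+):\s*$') {
            $inSection = ($Matches[1] -eq $Name)
        } elseif ($inSection -and $line -match 'IP(v4)? Address[ .]*:\s*(\d{1,3}(\.\d{1,3}){3})') {
            return $Matches[2]
        }
    }
    return $null
}

$lines = if ($Apply) { ipconfig } else { $Sample -split "`r?`n" }
$vpnIp = Get-VpnAddress $lines $ConnectionName
if (-not $vpnIp) { Write-Error "'$ConnectionName' is not connected; no routes added."; exit 1 }

foreach ($n in $RemoteNets) {
    # The client's own tunnel address is the gateway: the route goes out the PPP interface.
    $routeArgs = @('add', $n.Net, 'mask', $n.Mask, $vpnIp)
    if ($Apply) { & route.exe @routeArgs } else { "route $($routeArgs -join ' ')" }
}
```

Run it with `-Apply` from an elevated prompt once the connection is up. Because only the listed subnets are added, a client with "use default gateway" cleared sends nothing else over the tunnel.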
 