Problem with route add and VPN

[Guest]

I'm having a bit of trouble using 'route add' on Windows 2000 Server.

I have created a remote access VPN connection in Network and Dial Up
Connections and have cleared 'Use default gateway on remote network' as I do
not want the VPN connection to alter the default gateway.

I connect to VPN and I'm given an IP address on the remote subnet. I need to
access a server on a different subnet through the VPN so I create a persitant
route using:

route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx metric 1
if xxxxx

The route adds fine and I can ping the server I need. However after I
disconnect the VPN and then recconnect, the route no longer works. After
reconnecting the persistant route is still there but is not being followed.

I found the following on technet:

"With Windows NT 4.0 Service Pack 3 and later and with Windows 2000, the
persistent routes are not actually added to the IP routing table (and are not
visible with the route print command at the Windows 2000 command prompt)
until the IP address of the gateway is reachable. The IP address of the
gateway becomes reachable when the VPN connection is made."

(http://www.microsoft.com/technet/pr...rv/reskit/intwork/inbe_vpn_obwd.mspx?mfr=true)

From reading this it appears that the the route is not actually re-added to
the routing table after the VPN connection is reastablished for some reason.
I have tried pinging the gateway to show that it is available but the routing
table does not update. Presumably something should be checking to see if a
gateway is available but is not recognising that the VPN has come back up.

Does anyone know how to bypass this checking and force persistant routes to
be part of the routing table?

 

[Robert L [MVP - Networking]]

I don't have solution, but what I might do is create batch to add route whenever you establish the VPN. You may also want to use CMAK.This link may help too,

How to vpn automaticallyAdd pre-setup VPN auto-connection by CMAK to the Startup. 2. Create a logon batch with rasdail command to start the VPN connection. ...
http://www.howtonetworking.com/VPN/autorasdial1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I'm having a bit of trouble using 'route add' on Windows 2000 Server.

I have created a remote access VPN connection in Network and Dial Up
Connections and have cleared 'Use default gateway on remote network' as I do
not want the VPN connection to alter the default gateway.

I connect to VPN and I'm given an IP address on the remote subnet. I need to
access a server on a different subnet through the VPN so I create a persitant
route using:

route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx metric 1
if xxxxx

The route adds fine and I can ping the server I need. However after I
disconnect the VPN and then recconnect, the route no longer works. After
reconnecting the persistant route is still there but is not being followed.

I found the following on technet:

"With Windows NT 4.0 Service Pack 3 and later and with Windows 2000, the
persistent routes are not actually added to the IP routing table (and are not
visible with the route print command at the Windows 2000 command prompt)
until the IP address of the gateway is reachable. The IP address of the
gateway becomes reachable when the VPN connection is made."

(http://www.microsoft.com/technet/pr...rv/reskit/intwork/inbe_vpn_obwd.mspx?mfr=true)

From reading this it appears that the the route is not actually re-added to
the routing table after the VPN connection is reastablished for some reason.
I have tried pinging the gateway to show that it is available but the routing
table does not update. Presumably something should be checking to see if a
gateway is available but is not recognising that the VPN has come back up.

Does anyone know how to bypass this checking and force persistant routes to
be part of the routing table?

 

[Kurt]

I second Robert's suggestion, and might add that you can create a batch
file that will start the VPN and add the route (not persistent) so it
will be a one-step process instead of a 2-step. You can connect using
"rasdial", pause a few seconds for the connection to be established,
then add the route.

....kurt

 

[Guest]

Thank you for your suggestions. Unfortunately this does not seem to work in
this case.

When I add the route it will only add sucessfully if I specify the
interface. If I do not specify the interface I get the following mesage:

"The route addition failed: Either the interface index is wrong or the
gateway does not lie on the same network as the interface. Check the IP
Address Table for the machine."

It will add without problems if I specify the interface. However each time I
make the VPN connection the interface ID is different so a batch file would
not work.

 

[Kurt]

Thank you for your suggestions. Unfortunately this does not seem to work in
this case.

When I add the route it will only add sucessfully if I specify the
interface. If I do not specify the interface I get the following mesage:

"The route addition failed: Either the interface index is wrong or the
gateway does not lie on the same network as the interface. Check the IP
Address Table for the machine."

It will add without problems if I specify the interface. However each time I
make the VPN connection the interface ID is different so a batch file would
not work.

You can specify the connection name to "dial". This works (I do it
myself). I run it in a startup script so the VPN will start back up when
the computer is rebooted.

rasdial work name password

"work" is the name of my VPN connection to my office. I need it alive
24/7 and to come back up by itself if the computer at home is rebooted.

And you can set the other end up to allow your client to specify its own
IP address, then just use the known local address as the gateway, rather
than specifying a remote address and local interface. Seems strange, but
it works.

....kurt

 

[Guest]

Yes that works great! Thank you.

Thank you for your suggestions. Unfortunately this does not seem to work in
this case.

When I add the route it will only add sucessfully if I specify the
interface. If I do not specify the interface I get the following mesage:

"The route addition failed: Either the interface index is wrong or the
gateway does not lie on the same network as the interface. Check the IP
Address Table for the machine."

It will add without problems if I specify the interface. However each time I
make the VPN connection the interface ID is different so a batch file would
not work.

I second Robert's suggestion, and might add that you can create a batch
file that will start the VPN and add the route (not persistent) so it
will be a one-step process instead of a 2-step. You can connect using
"rasdial", pause a few seconds for the connection to be established,
then add the route.

....kurt

Robert L [MVP - Networking] wrote:
I don't have solution, but what I might do is create batch to add route
whenever you establish the VPN. You may also want to use CMAK.This link
may help too,

How to vpn automatically
<http://www.howtonetworking.com/VPN/autorasdial1.htm>
Add pre-setup VPN auto-connection by *CMAK* to the Startup. 2. Create a
logon batch with rasdail command to start the VPN connection. *...*
http://www.howtonetworking.com/VPN/autorasdial1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

"armibewo" <[email protected]
I'm having a bit of trouble using 'route add' on Windows 2000 Server.

I have created a remote access VPN connection in Network and Dial Up
Connections and have cleared 'Use default gateway on remote network'
as I do
not want the VPN connection to alter the default gateway.

I connect to VPN and I'm given an IP address on the remote subnet. I
need to
access a server on a different subnet through the VPN so I create a
persitant
route using:

route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx
metric 1
if xxxxx

The route adds fine and I can ping the server I need. However after I
disconnect the VPN and then recconnect, the route no longer works.
After
reconnecting the persistant route is still there but is not being
followed.

I found the following on technet:

"With Windows NT 4.0 Service Pack 3 and later and with Windows 2000,
the
persistent routes are not actually added to the IP routing table
(and are not
visible with the route print command at the Windows 2000 command
prompt)
until the IP address of the gateway is reachable. The IP address of the
gateway becomes reachable when the VPN connection is made."

(http://www.microsoft.com/technet/pr...rv/reskit/intwork/inbe_vpn_obwd.mspx?mfr=true)

From reading this it appears that the the route is not actually
re-added to
the routing table after the VPN connection is reastablished for some
reason.
I have tried pinging the gateway to show that it is available but
the routing
table does not update. Presumably something should be checking to
see if a
gateway is available but is not recognising that the VPN has come
back up.

Does anyone know how to bypass this checking and force persistant
routes to
be part of the routing table?

You can specify the connection name to "dial". This works (I do it
myself). I run it in a startup script so the VPN will start back up when
the computer is rebooted.

rasdial work name password

"work" is the name of my VPN connection to my office. I need it alive
24/7 and to come back up by itself if the computer at home is rebooted.

And you can set the other end up to allow your client to specify its own
IP address, then just use the known local address as the gateway, rather
than specifying a remote address and local interface. Seems strange, but
it works.

....kurt

 

[Robert Bollinger]

I am not quite clear on the last part of the solultuon.

here is what i am tying to access the destination network:

route add 192.168.0.0 mask 255.255.255.0 10.0.0.115 IF 0x1f0006

if i type that then it works, but as you know the connection IF changes
everytimne the
the vpn connection is disconnected and reconnected.

I am not sure what he means by local address ? Can you shed some light on it?

my network 192.168.0.0 the remote networks that i adding the route for
192.168.0.0 and 10.2.3.0

Thanks,

Robert

Yes that works great! Thank you.

Thank you for your suggestions. Unfortunately this does not seem to work in
this case.

When I add the route it will only add sucessfully if I specify the
interface. If I do not specify the interface I get the following mesage:

"The route addition failed: Either the interface index is wrong or the
gateway does not lie on the same network as the interface. Check the IP
Address Table for the machine."

It will add without problems if I specify the interface. However each time I
make the VPN connection the interface ID is different so a batch file would
not work.

:

I second Robert's suggestion, and might add that you can create a batch
file that will start the VPN and add the route (not persistent) so it
will be a one-step process instead of a 2-step. You can connect using
"rasdial", pause a few seconds for the connection to be established,
then add the route.

....kurt

Robert L [MVP - Networking] wrote:
I don't have solution, but what I might do is create batch to add route
whenever you establish the VPN. You may also want to use CMAK.This link
may help too,

How to vpn automatically
<http://www.howtonetworking.com/VPN/autorasdial1.htm>
Add pre-setup VPN auto-connection by *CMAK* to the Startup. 2. Create a
logon batch with rasdail command to start the VPN connection. *...*
http://www.howtonetworking.com/VPN/autorasdial1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

"armibewo" <[email protected]
I'm having a bit of trouble using 'route add' on Windows 2000 Server.

I have created a remote access VPN connection in Network and Dial Up
Connections and have cleared 'Use default gateway on remote network'
as I do
not want the VPN connection to alter the default gateway.

I connect to VPN and I'm given an IP address on the remote subnet. I
need to
access a server on a different subnet through the VPN so I create a
persitant
route using:

route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx
metric 1
if xxxxx

The route adds fine and I can ping the server I need. However after I
disconnect the VPN and then recconnect, the route no longer works.
After
reconnecting the persistant route is still there but is not being
followed.

I found the following on technet:

"With Windows NT 4.0 Service Pack 3 and later and with Windows 2000,
the
persistent routes are not actually added to the IP routing table
(and are not
visible with the route print command at the Windows 2000 command
prompt)
until the IP address of the gateway is reachable. The IP address of the
gateway becomes reachable when the VPN connection is made."

(http://www.microsoft.com/technet/pr...rv/reskit/intwork/inbe_vpn_obwd.mspx?mfr=true)

From reading this it appears that the the route is not actually
re-added to
the routing table after the VPN connection is reastablished for some
reason.
I have tried pinging the gateway to show that it is available but
the routing
table does not update. Presumably something should be checking to
see if a
gateway is available but is not recognising that the VPN has come
back up.

Does anyone know how to bypass this checking and force persistant
routes to
be part of the routing table?

You can specify the connection name to "dial". This works (I do it
myself). I run it in a startup script so the VPN will start back up when
the computer is rebooted.

rasdial work name password

"work" is the name of my VPN connection to my office. I need it alive
24/7 and to come back up by itself if the computer at home is rebooted.

And you can set the other end up to allow your client to specify its own
IP address, then just use the known local address as the gateway, rather
than specifying a remote address and local interface. Seems strange, but
it works.

....kurt

 

[armibewo]

I'm not sure if you need this now but what it means is literally add the IP
address that has been given by the VPN Server.

For example,

My network is 192.168.10.0. I VPN into a remote network 192.168.20.0 but
want to access network 192.168.30.0 that is behind it.

If I select 'Use default gateway on remote network' I get the following
route in my routing table:

0.0.0.0 0.0.0.0 192.168.20.34 192.168.20.34 1

Where 192.168.20.34 is the IP address that the VPN server has given me.

All traffic will go though the VPN and I will be able to access 192.168.30.0.

However if I do no want to use 'Use default gateway on remote network' I
need to manually add a route instead:

192.168.30.0 255.255.255.0 192.168.20.34 192.168.20.34 1

This allows me to access 192.168.30.0 without altering my default gateway.

I am not quite clear on the last part of the solultuon.

here is what i am tying to access the destination network:

route add 192.168.0.0 mask 255.255.255.0 10.0.0.115 IF 0x1f0006

if i type that then it works, but as you know the connection IF changes
everytimne the
the vpn connection is disconnected and reconnected.

I am not sure what he means by local address ? Can you shed some light on it?

my network 192.168.0.0 the remote networks that i adding the route for
192.168.0.0 and 10.2.3.0

Thanks,

Robert

Yes that works great! Thank you.

armibewo wrote:
Thank you for your suggestions. Unfortunately this does not seem to work in
this case.

When I add the route it will only add sucessfully if I specify the
interface. If I do not specify the interface I get the following mesage:

"The route addition failed: Either the interface index is wrong or the
gateway does not lie on the same network as the interface. Check the IP
Address Table for the machine."

It will add without problems if I specify the interface. However each time I
make the VPN connection the interface ID is different so a batch file would
not work.

:

I second Robert's suggestion, and might add that you can create a batch
file that will start the VPN and add the route (not persistent) so it
will be a one-step process instead of a 2-step. You can connect using
"rasdial", pause a few seconds for the connection to be established,
then add the route.

....kurt

Robert L [MVP - Networking] wrote:
I don't have solution, but what I might do is create batch to add route
whenever you establish the VPN. You may also want to use CMAK.This link
may help too,

How to vpn automatically
<http://www.howtonetworking.com/VPN/autorasdial1.htm>
Add pre-setup VPN auto-connection by *CMAK* to the Startup. 2. Create a
logon batch with rasdail command to start the VPN connection. *...*
http://www.howtonetworking.com/VPN/autorasdial1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

"armibewo" <[email protected]
I'm having a bit of trouble using 'route add' on Windows 2000 Server.

I have created a remote access VPN connection in Network and Dial Up
Connections and have cleared 'Use default gateway on remote network'
as I do
not want the VPN connection to alter the default gateway.

I connect to VPN and I'm given an IP address on the remote subnet. I
need to
access a server on a different subnet through the VPN so I create a
persitant
route using:

route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx
metric 1
if xxxxx

The route adds fine and I can ping the server I need. However after I
disconnect the VPN and then recconnect, the route no longer works.
After
reconnecting the persistant route is still there but is not being
followed.

I found the following on technet:

"With Windows NT 4.0 Service Pack 3 and later and with Windows 2000,
the
persistent routes are not actually added to the IP routing table
(and are not
visible with the route print command at the Windows 2000 command
prompt)
until the IP address of the gateway is reachable. The IP address of the
gateway becomes reachable when the VPN connection is made."

(http://www.microsoft.com/technet/pr...rv/reskit/intwork/inbe_vpn_obwd.mspx?mfr=true)

From reading this it appears that the the route is not actually
re-added to
the routing table after the VPN connection is reastablished for some
reason.
I have tried pinging the gateway to show that it is available but
the routing
table does not update. Presumably something should be checking to
see if a
gateway is available but is not recognising that the VPN has come
back up.

Does anyone know how to bypass this checking and force persistant
routes to
be part of the routing table?

You can specify the connection name to "dial". This works (I do it
myself). I run it in a startup script so the VPN will start back up when
the computer is rebooted.

rasdial work name password

"work" is the name of my VPN connection to my office. I need it alive
24/7 and to come back up by itself if the computer at home is rebooted.

And you can set the other end up to allow your client to specify its own
IP address, then just use the known local address as the gateway, rather
than specifying a remote address and local interface. Seems strange, but
it works.

....kurt