Topic: PPTP -- Prevent routing over WAN
« on: March 09, 2010, 13:34:40 »
animedreamer *
Posts: 19

This may be more of a Windows issue, but it is annoying and I was wondering if there was a way to prevent it.  When my remote clients connect via PPTP, they are no longer able to browse the Internet from their local computer.  It appears as if the Internet traffic from the client is trying to route over the PPTP connection.  I did not want to allow this, so I created a firewall rule to allow access to only local resources via PPTP.  But, the problem still remains.  How can I tell Windows to route traffic not destined for the PPTP endpoint out its own local default gateway?

Vincent
« Reply #1 on: March 09, 2010, 17:10:05 »
brushedmoss ****
Posts: 446

In the PPTP connection properties on the client, go into Networking, TCP/IP Properties, Advanced and remove the tick for 'Use default gateway on remote network'.
« Reply #2 on: March 09, 2010, 17:46:37 »
animedreamer *
Posts: 19

I take it this then requires the PPTP remote address range to coincide with that of the LAN interface?

Thanks.

Vincent
« Reply #3 on: May 06, 2010, 16:05:11 »
animedreamer *
Posts: 19

Someone else MUST have this issue.  Brushedmoss' suggestion did not work.  Here are the particulars of my setup:

LAN Network:    192.168.0.x
PPTP Network:  192.168.100.x

PPTP VPN Rule:  Source-PPTP clients  Destination-LAN net

The VPN users connect correctly (actually, it works great).  But, once connected, the users can no longer access the Internet, at all.  Isn't there a way for them to route packets destined for the remote network across the PPTP connection and packets destined for ANY other network out their (original) default gateway?  I tried brushedmoss' suggestion, but it no longer permits clients to reach any of the resources on the remote (VPN) network.

Or am I out of luck?  If I want them to be able to route across the Internet they have to route out the remote network's default gateway?

Thanks.

Vincent
« Reply #4 on: May 06, 2010, 16:30:29 »
brushedmoss ****
Posts: 446

Try my suggestion, then post the output of 'route print' from a command prompt, while tunnelled up.
« Reply #5 on: May 06, 2010, 16:47:31 »
animedreamer *
Posts: 19

Here is the routing table.  With the suggested change, I can access the Internet, but am unable to access resources from the remote network (192.168.0.x).

Thanks.

Vincent

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0          5.0.0.1      5.49.186.53  13481
          0.0.0.0          0.0.0.0         On-link       72.63.98.33     41
          5.0.0.0        255.0.0.0         On-link       5.49.186.53  13481
      5.49.186.53  255.255.255.255         On-link       5.49.186.53  13481
    5.255.255.255  255.255.255.255         On-link       5.49.186.53  13481
   65.105.187.162  255.255.255.255         On-link       72.63.98.33     41
      72.63.98.33  255.255.255.255         On-link       72.63.98.33    296
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      169.254.0.0      255.255.0.0         On-link    169.254.11.197   4501
   169.254.11.197  255.255.255.255         On-link    169.254.11.197   4501
  169.254.255.255  255.255.255.255         On-link    169.254.11.197   4501
    192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.16     41
   192.168.100.16  255.255.255.255         On-link    192.168.100.16    296
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link    169.254.11.197   4502
        224.0.0.0        240.0.0.0         On-link       5.49.186.53  13482
        224.0.0.0        240.0.0.0         On-link       72.63.98.33     41
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link    169.254.11.197   4501
  255.255.255.255  255.255.255.255         On-link       5.49.186.53  13481
  255.255.255.255  255.255.255.255         On-link       72.63.98.33    296
  255.255.255.255  255.255.255.255         On-link    192.168.100.16    296
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
          0.0.0.0          0.0.0.0          5.0.0.1  Default
===========================================================================

For comparison purposes, here are the top entries when "Use default gateway on remote network" is selected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0          5.0.0.1      5.49.186.53  17706
          0.0.0.0          0.0.0.0         On-link       72.63.98.33   4266
          0.0.0.0          0.0.0.0         On-link    192.168.100.16     41
« Last Edit: May 06, 2010, 16:53:15 by animedreamer »
« Reply #6 on: May 06, 2010, 17:33:27 »
brushedmoss ****
Posts: 446

You will need to have the client add a route to 192.168.0.0/24 on the client side after connect.

Something like 'route add 192.168.0.0 255.255.255.0 192.168.100.1'

You can script this as part of the dialup on the client side. In the past when I did this, I used a Microsoft tool that created a customized VPN dialer that had the route script included.
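
Added example (not part of the original posts): a longest-prefix route lookup run over rows copied from the 'route print' output in reply #5, showing why 192.168.0.x falls through to the local default gateway in split-tunnel mode and where it goes once the route from reply #6 exists. The test hosts 192.168.0.10 and 8.8.8.8, and the interface and metric given to the added route, are assumptions.

```python
import ipaddress

# Rows copied from reply #5: first with 'Use default gateway on remote
# network' unticked (split tunnel), then the top rows with it ticked.
SPLIT_TUNNEL = """\
          0.0.0.0          0.0.0.0          5.0.0.1      5.49.186.53  13481
          0.0.0.0          0.0.0.0         On-link       72.63.98.33     41
    192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.16     41
   192.168.100.16  255.255.255.255         On-link    192.168.100.16    296
"""
FULL_TUNNEL = """\
          0.0.0.0          0.0.0.0          5.0.0.1      5.49.186.53  17706
          0.0.0.0          0.0.0.0         On-link       72.63.98.33   4266
          0.0.0.0          0.0.0.0         On-link    192.168.100.16     41
"""

def parse_routes(text):
    """Turn 'route print' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        try:
            dest, mask, gateway, iface, metric = line.split()
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # header, separator or blank line
    return routes

def lookup(routes, dst):
    """Pick the route for dst: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface, _ = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return str(net), gateway, iface

def with_lan_route(routes):
    """Model reply #6: route add 192.168.0.0 255.255.255.0 192.168.100.1"""
    # Assumption: the route binds to the PPTP interface with metric 41.
    lan = (ipaddress.ip_network("192.168.0.0/24"), "192.168.100.1", "192.168.100.16", 41)
    return routes + [lan]

if __name__ == "__main__":
    split = parse_routes(SPLIT_TUNNEL)
    for dst in ("192.168.0.10", "8.8.8.8"):  # constructed test hosts
        print(dst, lookup(split, dst), "->", lookup(with_lan_route(split), dst))
    print("full tunnel 8.8.8.8:", lookup(parse_routes(FULL_TUNNEL), "8.8.8.8"))
```

In the split-tunnel table only 192.168.100.0/24 points at the PPTP interface, so LAN traffic leaves via 72.63.98.33 until the /24 route is added, while Internet traffic keeps using the local gateway either way.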
« Reply #7 on: May 06, 2010, 17:42:53 »
animedreamer *
Posts: 19

Brushedmoss,

This makes sense.  Do you know what the name of the tool was that you used?

Thank you for your help.

Vincent
« Reply #8 on: May 06, 2010, 18:00:11 »
brushedmoss ****
Posts: 446

I think it was Connection Manager
http://technet.microsoft.com/en-us/library/cc739464(WS.10).aspx
 