September 29, 2017
 

Published on 2013-06-30
Prerequisites for this article
To read this article you should understand the following concepts:
– VPN
– PPTP
– routing
– network and netmask
– DNS server IP
– configuring PPTP VPN on Windows 7/8

The Problem
Suppose we have a PC running Windows 8 (or Windows 7) on which we have administrator privileges, and we want to connect to our workplace over PPTP (the server is already configured at the remote site, and its configuration is not covered by this article).

Once we have configured our VPN connection, we can see that there are only 2 options for choosing which IP networks go into the VPN tunnel:

1) Use VPN as a default gateway (all packets go to VPN)
2) Use VPN with only one route to the network, based on peer’s PPTP internal IP address (say if we connected to remote peer with 192.168.15.1 VPN address, we route all 192.168.15.0/24 network there).

What if we want to route several specific networks to the VPN and everything else to our default internet gateway?

Special software called a ‘Connection Manager’ (CM) exists for this kind of task, but this article is not about 3rd party CMs.

All we want is to configure custom routes through the VPN using native Windows 7/8 tools. The routes should be added automatically once you connect to the remote site; they are removed automatically once you bring the VPN connection down, which is default Windows behavior.

Solution

I assume you already have a configured PPTP connection. In my example VPN connection name is ‘FarPost VPN’. Remember it, I will use it in many places. Replace it with the name of your VPN connection.

Suppose we wish to route only the following networks to the VPN:
172.16.1.0/24
192.168.100.0/24

Also we want to use DNS servers from the VPN (their addresses should be in one of the above routable networks). Our DNS servers will be 192.168.100.2 and 172.16.1.2.

Step-by-Step:
– Run ‘cmd.exe’ as Administrator.
Press Windows-F, find Files -> ‘cmd.exe’, right click and select ‘Run as Administrator’

– Create a directory for your scripts. I will name it ‘FarpostVPN’ (run these commands in cmd.exe):

mkdir C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN
cd C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN

– Create a custom ‘route add’ script (also run from cmd.exe):

notepad routes.netsh

Here is the content of our ‘routes.netsh’ (don’t forget to replace ‘FarPost VPN’ with your real connection name):

interface ipv4
add route prefix=172.16.1.0/24 interface="FarPost VPN" store=active
add route prefix=192.168.100.0/24 interface="FarPost VPN" store=active
exit

Save this script in C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN

– Now connect to your VPN if you are not already connected (this is a trick to make the correct Windows event easy to locate)

– Run Windows event viewer (from cmd.exe run):

eventvwr.exe

and locate the latest ‘Informational’ event here: Windows Logs -> Applications and Services Logs -> Microsoft -> Windows -> Network Profile -> Operational (log name) -> 10000 (event ID).
In my case the event looks like:
Network Connected
Name: FarPost VPN
Desc: FarPost VPN
Type: Unmanaged
State: Connected
Category: Public

– Right click on this event and select ‘Attach Task To this Event’
Now you know what to do, no?
Assign any name and add meaningful description (say “add routes to FarPost VPN”)

– Press Next (you will be on ‘When The Event is Logged’ dialog)
– Press Next again
Select ‘Start a program’ and press ‘Next’
– on ‘Start a program’ dialog enter:
Program/script:
netsh.exe

Add arguments:

exec routes.netsh

Start in:

C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN\

press Next
– on ‘Finish’ dialog check the ‘Open the properties dialog when I click Finish’
press Finish

– on Task properties dialog change the following:
General tab:
– check ‘Run with highest privileges’
– configure for: (select Windows 8 or Vista)
Conditions tab:
– uncheck ‘Start the task only if computer runs on AC power’
– Start only if the following network connection is available: select your VPN connection
press OK, your task is ready

– if you missed your task properties, in cmd.exe you can run:

taskschd.msc

and locate your task here:
Task Scheduler Library -> Event Viewer Tasks
here you can also ‘Enable All Tasks History’ and see, in the ‘History’ tab, when your task ran and what result codes it returned

– close ‘cmd.exe’

– now configure custom DNS servers on your VPN connection
right click on your VPN connection
select ‘Properties’
‘Networking’ tab -> select ‘Internet Protocol Version 4’ -> Properties
select ‘Use the following DNS server addresses’:
enter the Preferred and Alternate DNS server IPs (your internal VPN server addresses; in my example they are 192.168.100.2 and 172.16.1.2)
press ‘OK’ and you are done

– now every time you connect to your VPN server, routes should be added automatically
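
The task above runs netsh with highest privileges against a script stored under ProgramData, so whoever can write to that directory or file decides what runs elevated. The following PowerShell check is an added example, not part of the original article: it audits the ACLs on the script location and confirms both routes are bound to the VPN interface. The trusted-principal list and the one-line layout of the `netsh ... show route` output are assumptions.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# while the VPN is connected. Values below are the article's examples.
$dir      = 'C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN'
$vpnName  = 'FarPost VPN'
$prefixes = '172.16.1.0/24', '192.168.100.0/24'

# Assumption: only these principals may modify what the elevated task executes.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# Rights that allow editing or replacing a file, plus the raw GENERIC_ALL and
# GENERIC_WRITE bits that Get-Acl can report on inherited entries.
$fsWrite = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask    = [int]$fsWrite -bor 0x10000000 -bor 0x40000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Returns Allow entries that apply to the object itself (not inherit-only),
# grant a write-type right, and belong to a principal outside $trusted.
function Get-UntrustedWriter([string]$Path) {
    (Get-Acl $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        -not ($_.PropagationFlags -band $inheritOnly) -and
        ([int]$_.FileSystemRights -band $mask) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }
}

$findings = @()
foreach ($p in $dir, (Join-Path $dir 'routes.netsh')) {
    if (-not (Test-Path $p)) { $findings += "$p not found"; continue }
    foreach ($ace in (Get-UntrustedWriter $p)) {
        $findings += '{0}: {1} can modify it ({2})' -f $p, $ace.IdentityReference, $ace.FileSystemRights
    }
}

# Assumption: 'show route' prints the prefix and the interface name on one line.
$routeTable = netsh interface ipv4 show route
foreach ($prefix in $prefixes) {
    $hit = $routeTable | Where-Object { $_ -like "*$prefix*$vpnName*" }
    if (-not $hit) { $findings += "route $prefix via '$vpnName' is missing" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'OK: script location is admin-only and both routes are active' }
```

If the ACL check reports an entry, remove that principal's write access to the directory before relying on the task.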

Regards,
Artyom A. Konovalenko

https://www.experts-exchange.com/articles/11931/Automatic-VPN-routes-configuration-for-PPTP-in-Windows-7-8.html
