
CMAK Help (split tunneling)


plattze
Feb 2, 2004
I'm trying a CMAK VPN connection to distribute to everyone at work, so all they have to do is install it, enter username and password, and it's all good. Just so I can hide all the non-essentials such as IP, VPN encryption, etc.

Anyway, connection wise, it's working fine. I've customized it to how I like it and I'm happy, I'm just having one problem doing something.

I _do_not_ want the person's computer to set the default gateway to the VPN. I want the person to be online like normal, and only forward a single subnet through the VPN. According to Microsoft this is called split tunnelling.

Basically, here are the details (changed for privacy).

VPN Server IP: 192.168.1.1
Subnet I want to be routed through VPN: 192.168.2.0/255.255.255.0

I created a vpn_routes.txt file, and attached it into the CMAK FIle I created, which had this single line in it:

ADD 192.168.2.0 MASK 255.255.255.0 192.168.1.1 METRIC 192.168.1.1 IF default

However, it doesn't work. When I try to use mstsc to connect to the box, it won't allow the connection. Just confirming once again that we do have our own public subnets etc.; I just changed the IPs to these for example/privacy's sake.

Can anyone help me out here please? How do I do what I want?

 
You need to make sure your RRAS server knows that 192.168.2.0 is on the other side of that. That means adding a static route to RRAS. But that doesn't help if the IP assigned to the dial-in user changes each time. The way around that is to assign an IP to the (unique) user in the User Properties/Dial-in of AD Users. But you have to be in Native Mode of Windows 2000 to use that. You can also assign the routes that the client imports at that time.

There is supposedly another way of adding a persistent route through the Netsh method and assigning it to an adapter but I tried this at length and it messed things up impressively. Routes would not show in the Route table but would be in the RRAS route table, and you couldn't remove them without taking out RRAS.
 
I do not want to give VPN Clients a static IP just so routing will work.

Isn't there a way in the add route command to say %whatever_the_vpn_IP_is%?

All I want to do is create a static route to route anything destined to a specific subnet to go through the VPN.

Since posting this thread, I've seen an example via a batch file run after the connection has been made, but didn't quite understand it.
 
The post-dialup batch would work if it detects the new IP and uses it right away. Put up the batch file and someone might be able to comment it for you and explain how to use it.
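The post-dialup script the reply above describes, written out here as an added example that is not code from any poster in this thread. It uses the addresses from the original post (remote subnet 192.168.2.0/24) and assumes the CMAK connection is named "Corp VPN", a name chosen for this example. It also assumes the NetTCPIP cmdlets (Get-NetIPAddress, Get-NetRoute), which exist on Windows 8 / Server 2012 and later rather than on the 2004-era systems in the thread; the route.exe call itself is the same one a batch file of that era would make, with the VPN-assigned address filled in where the original poster wanted %whatever_the_vpn_IP_is%.

```powershell
# Added example for this thread (not code from any poster): run after the
# CMAK tunnel is up, find the address RRAS handed to the VPN adapter, and
# route only the remote subnet through it. Everything else keeps using the
# client's own default gateway, which is the split-tunnel behaviour asked for.
param(
    [string]$VpnAdapterName = 'Corp VPN',     # assumed CMAK connection name
    [string]$RemoteNetwork  = '192.168.2.0',  # subnet from the original post
    [string]$RemoteMask     = '255.255.255.0'
)

$ErrorActionPreference = 'Stop'

# Dotted mask -> prefix length, needed to look the route up afterwards.
function ConvertTo-PrefixLength([string]$DottedMask) {
    $bits = ([IPAddress]$DottedMask).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') }
    return (($bits -join '') -replace '0', '').Length
}

# 1. The VPN adapter only carries an IPv4 address while the tunnel is up.
$vpn = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $VpnAdapterName -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $vpn) {
    throw "No IPv4 address on '$VpnAdapterName'; is the tunnel connected?"
}
$vpnIp = $vpn.IPAddress
$ifIdx = $vpn.InterfaceIndex

# 2. Refuse to run if the default route already goes through the VPN: that
#    means the profile still has "use default gateway on remote network"
#    enabled, and adding a subnet route would only hide the misconfiguration.
$defaultViaVpn = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceIndex -eq $ifIdx }
if ($defaultViaVpn) {
    throw "Default route already points at '$VpnAdapterName'; fix the profile instead of adding routes."
}

# 3. On a PPP link the assigned address doubles as the next hop, so this is
#    the %whatever_the_vpn_IP_is% from the thread. Binding the route to the
#    interface index (and not using -p) means it disappears with the tunnel.
$routeArgs = @('add', $RemoteNetwork, 'mask', $RemoteMask, $vpnIp, 'metric', '1', 'if', $ifIdx)
& route.exe @routeArgs | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "route.exe add failed with exit code $LASTEXITCODE"
}

# 4. Verify the route landed on the VPN interface and not on the LAN adapter.
$prefix = "$RemoteNetwork/$(ConvertTo-PrefixLength $RemoteMask)"
$added = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $prefix -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceIndex -eq $ifIdx }
if (-not $added) {
    throw "Route $prefix is not present on interface $ifIdx after adding it"
}
Write-Output "Routing $prefix via $vpnIp (interface $ifIdx); default gateway untouched."
```

Hook it up as the profile's post-connect custom action so it runs with the tunnel already established. It is only the client half of the job: the RRAS side still needs the static route the first reply describes, otherwise packets reach the server and go nowhere.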
 
Hi Plattze,

Are you sure you want to do split tunneling? It's very dangerous.
I add a VPN policy to prevent my users from using split tunneling and then configure their proxy so they can surf the Internet while they are connected to the VPN via my proxy.

Thanks,
Winoto
 