Automatic VPN routes configuration for PPTP in Windows 7/8

Arty KNopius

Prerequisites for this article

To read this article you should understand the following concepts:
- routing
- network and netmask
- DNS server IP
- configuring PPTP VPN on Windows 7/8

The Problem

Suppose we have a PC with Windows 8 (or Windows 7) and we have administrator privileges on it. Now we decided to connect to our workplace with PPTP (server is already configured on remote site and it's configuration is not covered by this article).

Once we have configured our VPN connection we can see that there are only 2 options to configure IP networks going to VPN tunnel:

1) Use VPN as a default gateway (all packets go to VPN)
2) Use VPN with only one route to the network, based on peer's PPTP internal IP address (say if we connected to remote peer with VPN address, we route all network there).

What if we want to route more than one specific networks to VPN and everything else to our default internet gateway?

A special software exists to perform this kind of tasks, that is called 'Connection Manager' (CM). But this article is not about 3rd party CMs.

All we want is configure custom routes, going to VPN, with native Windows 7/8 tools, which will be automatically enabled once you connect to remote site (and they will be automatically removed, once you bring the VPN connection down, this is a default Windows behavior).


I assume you already have a configured PPTP connection. In my example VPN connection name is ' FarPost VPN'. Remember it, I will use it in many places. Replace it with the name of your VPN connection.

Suppose we wish to route only the following networks to the VPN:

Also we want to use DNS servers from the VPN (their addresses should be in one of the above routable networks). Our DNS servers will be and

- Run 'cmd.exe' as Administrator.
  Press Windows-F, find Files -> 'cmd.exe', right click and select 'Run as Administrator'

- Create a directory for your scripts. I will name it 'FarpostVPN' (run this command in cmd.exe):
mkdir C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN
                      cd C:\ProgramData\Microsoft\Network\Connections\Cm\FarpostVPN

Open in new window

- Create a custom 'route add' script (also run from cmd.exe):
notepad routes.netsh

Open in new window

and here is content of our 'routes.netsh' (don't forget to replace 'FarPost VPN' with your real connection name):
interface ipv4
                      add route prefix= interface="FarPost VPN" store=active
                      add route prefix= interface="FarPost VPN" store=active

Open in new window

save this script to C:\ProgramData\Microsoft\N etwork\Con nections\C m\FarpostV PN

- Now connect to your VPN (this is a trick to locate correct windows Event), if you are not already connected

- Run Windows event viewer (from cmd.exe run):

Open in new window

and locate the latest 'Informational' event here: Windows Logs -> Applications and Services Logs -> Microsoft -> Windows -> Network Profile -> Operational (log name) -> 10000 (event ID).
In my case the event looks like:
Network Connected
      Name: FarPost VPN
      Desc: FarPost VPN
      Type: Unmanaged
      State: Connected
      Category: Public

- Right click on this event and select 'Attach Task To this Event'
Now you know what to do, no?
Assign any name and add meaningful description (say "add routes to FarPost VPN")

- Press Next (you will be on 'When The Event is Logged' dialog)
- Press Next again
Select 'Start a program' and press 'Next'
- on 'Start a program' dialog enter:

Open in new window

Add arguments:  

exec routes.netsh

Open in new window

Start in:


Open in new window

press Next
- on 'Finish' dialog check the 'Open the properties dialog when I click Finish'
press Finish

- on Task properties dialog change the following:
General tab:
- check 'Run with highest privileges'
- configure for: (select Windows 8 or Vista)
Conditions tab:
- uncheck 'Start the task only if computer runs on AC power'
- Start only if the following network connection is available: select your VPN connection
press OK, your task is ready

- if you missed your task properties, in cmd.exe you can run:

Open in new window

and locate your task here:
Task Scheduler Library -> Event Viewer Tasks
here you can also 'Enable All Tasks History' and see when and what codes your task executed in 'History' tab

- close 'cmd.exe'

- now configure custom DNS servers on your VPN connection
right click on your VPN connection
select 'Properties'
'Networking' tab -> select 'Internet Protocol Version 4' -> Properties
select 'Use the following DNS server addresses':
enter Preferred DNS and Alternative server IP (your internal VPN server address, in my example it is and
press 'OK' and you are done

- now every time you connect to your VPN server, routes should be added automatically

Artyom A. Konovalenko
Arty KNopius

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.