Prerequisites for this article
To read this article you should understand the following concepts:
- network and netmask
- DNS server IP
- configuring PPTP VPN on Windows 7/8
Suppose we have a PC with Windows 8 (or Windows 7) and we have administrator privileges on it. Now we have decided to connect to our workplace with PPTP (the server is already configured on the remote site and its configuration is not covered by this article).
Once we have configured our VPN connection we can see that there are only 2 options for choosing which IP networks go into the VPN tunnel:
1) Use VPN as a default gateway (all packets go to VPN)
2) Use VPN with only one route to the network, based on the peer's PPTP internal IP address (say, if we connected to a remote peer with the VPN address 192.168.15.1, we route the whole 192.168.15.0/24 network there).
What if we want to route more than one specific network to the VPN and everything else to our default internet gateway?
Special software exists to perform this kind of task; it is called a 'Connection Manager' (CM). But this article is not about 3rd party CMs.
All we want is to configure custom routes going to the VPN with native Windows 7/8 tools. The routes will be enabled automatically once you connect to the remote site (and they will be removed automatically once you bring the VPN connection down; this is default Windows behavior).
I assume you already have a configured PPTP connection. In my example the VPN connection name is 'FarPost VPN'. Remember it, I will use it in many places. Replace it with the name of your VPN connection.
Suppose we wish to route only the following networks to the VPN:
Also we want to use DNS servers from the VPN (their addresses should be in one of the above routable networks). Our DNS servers will be 192.168.100.2 and 172.16.1.2.
- Run 'cmd.exe' as Administrator.
Press Windows-F, find Files -> 'cmd.exe', right click and select 'Run as Administrator'
- Create a directory for your scripts. I will name it 'FarpostVPN' (run this command in cmd.exe):
- Create a custom 'route add' script (also run from cmd.exe):
and here is the content of our 'routes.netsh' (don't forget to replace 'FarPost VPN' with your real connection name):
add route prefix=172.16.1.0/24 interface="FarPost VPN" store=active
add route prefix=192.168.100.0/24 interface="FarPost VPN" store=active
save this script to C:\ProgramData\Microsoft\N
- Now connect to your VPN, if you are not already connected (this is a trick to locate the correct Windows event)
- Run Windows event viewer (from cmd.exe run):
and locate the latest 'Informational' event here: Windows Logs -> Applications and Services Logs -> Microsoft -> Windows -> Network Profile -> Operational (log name) -> 10000 (event ID).
In my case the event looks like:
Name: FarPost VPN
Desc: FarPost VPN
- Right click on this event and select 'Attach Task To this Event'
Now you know what to do, no?
Assign any name and add a meaningful description (say "add routes to FarPost VPN")
- Press Next (you will be on 'When The Event is Logged' dialog)
- Press Next again
Select 'Start a program' and press 'Next'
- on the 'Start a program' dialog enter:
- on the 'Finish' dialog check 'Open the properties dialog when I click Finish'
- on the Task properties dialog change the following:
- check 'Run with highest privileges'
- configure for: (select Windows 8 or Vista)
- uncheck 'Start the task only if computer runs on AC power'
- Start only if the following network connection is available: select your VPN connection
press OK, your task is ready
- if you missed your task properties, in cmd.exe you can run:
and locate your task here:
Task Scheduler Library -> Event Viewer Tasks
here you can also 'Enable All Tasks History' and see in the 'History' tab when your task ran and with what codes
- close 'cmd.exe'
- now configure custom DNS servers on your VPN connection
right click on your VPN connection
'Networking' tab -> select 'Internet Protocol Version 4' -> Properties
select 'Use the following DNS server addresses':
enter the Preferred DNS and Alternative server IPs (your internal VPN server addresses; in my example they are 192.168.100.2 and 172.16.1.2)
press 'OK' and you are done
- now every time you connect to your VPN server, routes should be added automatically
Artyom A. Konovalenko
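
As an added example (not part of the original article), here is a small Python lint for 'routes.netsh' that can be run before the task is attached: it checks that every route is bound to the VPN connection with store=active, that no default route is present, and that both DNS servers fall inside a routed network, as the article requires. The function and constant names are hypothetical; the script lines and addresses are the ones from this article.

```python
import ipaddress
import re

# One 'add route' line in the form used by routes.netsh in this article.
ROUTE_RE = re.compile(
    r'^add\s+route\s+prefix=(?P<prefix>\S+)\s+interface="(?P<iface>[^"]+)"'
    r'(?:\s+store=(?P<store>\S+))?\s*$', re.IGNORECASE)

# The article's script and DNS servers, embedded so the example runs offline.
ARTICLE_SCRIPT = '''\
add route prefix=172.16.1.0/24 interface="FarPost VPN" store=active
add route prefix=192.168.100.0/24 interface="FarPost VPN" store=active
'''
ARTICLE_DNS = ["192.168.100.2", "172.16.1.2"]


def parse_routes(script_text):
    """Return (network, interface, store) per line; raise ValueError on anything else."""
    routes = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        if not line.strip():
            continue
        m = ROUTE_RE.match(line.strip())
        if not m:
            raise ValueError(f"line {lineno}: not an 'add route' command: {line!r}")
        # strict=True rejects prefixes with host bits set, e.g. 172.16.1.2/24
        net = ipaddress.ip_network(m["prefix"], strict=True)
        routes.append((net, m["iface"], (m["store"] or "").lower()))
    return routes


def check_split_tunnel(script_text, vpn_name, dns_servers):
    """Return a list of problems; an empty list means the script is consistent."""
    routes = parse_routes(script_text)
    problems = []
    for net, iface, store in routes:
        if iface != vpn_name:  # exact match on purpose: a conservative check
            problems.append(f"{net}: interface {iface!r} is not {vpn_name!r}")
        if net.prefixlen == 0:
            problems.append(f"{net}: default route, all traffic would enter the VPN")
        if store != "active":
            problems.append(f"{net}: store={store or 'unset'}, the article uses store=active")
    for dns in map(ipaddress.ip_address, dns_servers):
        if not any(dns in net for net, _, _ in routes):
            problems.append(f"DNS {dns}: outside every routed network")
    return problems


if __name__ == "__main__":
    for problem in check_split_tunnel(ARTICLE_SCRIPT, "FarPost VPN", ARTICLE_DNS):
        print(problem)
```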