Sometimes, you want your Microsoft VPN to route all the traffic to the remote network, usually your employer's network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries.
To do so, you would configure the VPN connection so that it becomes your "default gateway".
It works great, you can connect to all the nodes in the remote LAN.
But now you need to print something on your local printer. It's a networked printer, on YOUR LAN.
Since all your traffic is routed to the remote LAN, you'll never reach anything on YOUR LAN.
This example uses a networked printer but it can be a network attached storage, a file server, a media server... Anything that is available on your LAN.
So what do you usually do?
You disconnect the VPN, and voilà.
But now, when you realize that you need to connect to your remote LAN again, you lose the connection to your own LAN.
This is especially frustrating if you need to access some Intranet. You would have to make local copies (or print web pages to PDF...), disconnect, and use the local copies. It can even become a security concern, because things that should not leave the Intranet are now on your LAN.
The problem is that a VPN set to use the default gateway on the remote network forces the remote gateway to be your default gateway, and sets the route to this default gateway with a metric of 1.
Fortunately, there is at least one solution:
Basically, what I do is set up a standard VPN connection, which I customize so that it will not use the remote LAN default gateway. Then I change the routing table so that my default gateway stays my home router (or the hotel router) and, at the same time, all the traffic to my employer's network goes through the VPN link.
My employer owns 2 C-Class Internet ranges, so the routing to my employer's network is easy to figure out.
OTOH, when specifying a route in Windows, one must know the IP address and ID of the interface to use for these packets. And a VPN interface (actually a WAN PPP interface) has the nasty habit of changing its ID each time it is launched, and usually, it will also get a different IP address each time. So I developed a small utility to recover this ID and store it in an environment variable.
Then, I just have to invoke the corresponding "route change" or "route add" commands to add the routes to my employer's C-Class ranges and to make these routes use the VPN interface.
It may seem more complicated than it is.
Create the VPN connection using the standard MS Windows VPN.
In my case, my employer uses a simple PPTP tunnel, so it is very easy. But L2TP should be as easy. IPSEC might be a little more complex, but if you use IPSEC, you might skip this step and just change the routing as described below.
What you are missing is my NICIndex tool, which can be downloaded from this site by following the link above.
It is a Delphi program which uses WMI to get the network adapters information.
It gets the ID of the first interface it finds whose IP address begins with the parameter passed to it. In the example above:
NICIndex.exe /IPPrefix=193.105.13. /type=PPP
will get the interface ID of the first network interface whose type is "PPP" (Point-to-Point Protocol, which is the type of VPN interfaces; the other types that you might use are "Ethernet" and, maybe, "TokenRing"...) and that has an IP address beginning with 193.105.13
It will display this ID in the form
for instance SET NICIDX=0x2000A
It also displays the interface IP address in the form
Actually, NICPPPIndex.exe displays something like
you create a SetPPP.bat file in your temp folder.
When you call this SetPPP.bat file, you create the NICIP and NICIDX environment variables that you need to tune your routing table.
Thus my "VPNRoute.bat" file:
In order for this to work, you need the NICIndex.exe file. And it must be in your PATH.
Now connect it!
The only thing you have to do is to launch the VPN connection. Once it is up, launch the VPNRoute.bat file (for instance, copy it to your desktop after having modified it to suit your particular networking configuration).
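The whole procedure as one batch file. This is an added sketch, not the author's VPNRoute.bat. It assumes that NICIndex.exe writes its SET NICIDX=... and SET NICIP=... lines to standard output so they can be redirected into SetPPP.bat, that 193.105.13.0 is one of the employer's ranges, and it uses 198.51.100.0 as a placeholder for the second one.

```batch
@echo off
rem Added example: route only the employer's networks through the VPN link.
rem Run from an elevated prompt on Windows versions that require it for "route add".
setlocal

rem Clear stale values so a failed lookup cannot reuse an old interface ID.
set NICIDX=
set NICIP=

rem Assumption: NICIndex.exe prints SET lines on stdout; capture and run them.
NICIndex.exe /IPPrefix=193.105.13. /type=PPP > "%TEMP%\SetPPP.bat"
call "%TEMP%\SetPPP.bat"
del "%TEMP%\SetPPP.bat"

rem Stop if the VPN interface was not found (VPN down or wrong prefix).
if not defined NICIDX goto novpn
if not defined NICIP goto novpn

rem Networks to reach through the VPN. 193.105.13.0 is assumed from the
rem prefix used above; 198.51.100.0 is a placeholder for the second range.
for %%N in (193.105.13.0 198.51.100.0) do (
    rem Remove any route left over from a previous session, then add the new one.
    route delete %%N >nul 2>&1
    route add %%N mask 255.255.255.0 %NICIP% metric 1 if %NICIDX%
    rem Show the resulting entry so it can be checked by eye.
    route print %%N
)

rem Check: the default route (0.0.0.0) must still point to the local router,
rem not to the VPN interface. If it points to the VPN, the connection is still
rem set to use the default gateway on the remote network.
route print 0.0.0.0
goto :eof

:novpn
echo VPN interface not found. Connect the VPN first, then run this file again.
exit /b 1
```

The routes added this way are not persistent, so the file has to be run again after each VPN connection, which is also when the interface ID and IP address change.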