itworksinc

How to add custom static routes automatically for a RRAS VPN client?

Here's the situation. I have two networks connected by VPN routers, 192.168.0.x and 192.168.2.x. On the 2.x network I have a Windows 2008 server configured with RRAS for use by VPN clients. The RRAS server assigns addresses in its own subnet for VPN clients, i.e. a VPN client will receive a 192.168.2.x address. What I need is for VPN clients to be able to access the 192.168.0.x network. I have found that by adding a static route on a client machine with the "route add" command I can get it to work. Here's the command I have to use:

route add 192.168.0.0 mask 255.255.255.0 192.168.2.45

192.168.2.45 is the VPN client's assigned IP, which changes every time the client connects. Is there any way to add this static route automatically with the correct gateway, when the client connects? So no matter what IP the client gets, they will always have a static route with the gateway the same as their IP?

I've tried adding static routes in RRAS and in Active Directory Users and Computers (under the user's properties, dial-in tab), but neither of those work, I suspect because I can't specify the gateway.

While messing around, I've discovered that doing a route add with the gateway set to the VPN router's IP and specifying the dial-up interface works as well, i.e.:

route add 192.168.0.0 mask 255.255.255.0 192.168.2.1 if 0x120006

However this is not a solution either, because the interface name changes every time the VPN connection is dialed.

Is there any possible way to do what I need here?
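Added example, not part of the original thread: a PowerShell version of the first route add command above that looks up whatever address the VPN adapter currently holds and uses it as the gateway. It assumes the VPN shows up as a connected PPP adapter, that RRAS assigns 192.168.2.x addresses as described, and that it is run from an elevated prompt after the connection is up; the function name Get-VpnClientAddress is made up for this example.

```powershell
# Added example: route 192.168.0.0/24 through the VPN client's current address.
# Assumptions (from the question): VPN clients get 192.168.2.x, and the
# network to reach through the tunnel is 192.168.0.0/24.
$RemoteNet  = '192.168.0.0'
$RemoteMask = '255.255.255.0'
$VpnPrefix  = '192.168.2.'

# Hypothetical helper: returns the IPv4 address of a connected PPP (dial-up/VPN)
# adapter whose address starts with $Prefix, or $null if there is none.
function Get-VpnClientAddress {
    param([string]$Prefix)

    # @() keeps the result an array even when no adapter matches.
    $ppp = @([System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        Where-Object {
            $_.NetworkInterfaceType -eq [System.Net.NetworkInformation.NetworkInterfaceType]::Ppp -and
            $_.OperationalStatus -eq [System.Net.NetworkInformation.OperationalStatus]::Up
        })

    foreach ($nic in $ppp) {
        foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
            $ip = $ua.Address
            if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork -and
                $ip.ToString().StartsWith($Prefix)) {
                return $ip.ToString()
            }
        }
    }
    return $null
}

$gateway = Get-VpnClientAddress -Prefix $VpnPrefix
if (-not $gateway) {
    Write-Error "No connected PPP adapter with an address in ${VpnPrefix}x was found."
    exit 1
}

# Non-persistent route (no -p): it is not written to the registry, so a
# different address on the next connection does not leave a stale entry.
& route.exe add $RemoteNet mask $RemoteMask $gateway
Write-Output "Requested route to $RemoteNet mask $RemoteMask via $gateway"
```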
ASKER CERTIFIED SOLUTION
Rob Williams

itworksinc

ASKER

-The 192.168.2.x network is the LAN of the server.

-I'd rather not have to use the option "use default gateway on remote network" on the clients.

-The clients need to have access to both subnets at once, so assigning them an address in one subnet or the other makes no difference.

-I've had a look at that other question with the batch file, and while that is a solution (and a nice batch file), I'm looking for something that just works when they connect and won't require them to click on anything else.

Thanks for your comments. I have a feeling I may end up having to use the batch file :/
I'm going to keep looking for an alternate solution for the time being, though.
Rob Williams

As for something automated, the RRAS and AD options you tried on your own are the only ones I am aware of.

Are the remote users part of the domain? If so, at logon there is an option to connect using a dial-up connection. This will then allow you to choose a Windows VPN connection. The VPN then completes before logon, allowing group policy and logon scripts to be applied. You could add the script there if a domain member.
itworksinc

ASKER

Unfortunately most of them aren't joined to the domain (they're using their own personal computers).

I have found that you can use scope options in DHCP to add static routes... however I haven't been able to find a way to have a scope that is just used for VPN users and nothing else. You'd think it wouldn't be that difficult to do...
Rob Williams

DHCP with VPN clients can be tricky. To use the scope options, the server must be the DHCP server. Then you have to use the DHCP relay agent in the RRAS console, and to use the relay agent the DHCP server must reside on a different server than RRAS, and as you say it is difficult to specify only for VPN clients. One option is to use class IDs or reservations for all local devices, but that will become a management nightmare.
itworksinc

ASKER

Well this is exceedingly lame. I'll have to resort to using the batch file until I can find a more elegant solution, if one even exists. Thanks for all your help and input RobWill.
Rob Williams

You are very welcome. Sorry I didn't have a better solution.
Thank you too.
Cheers!
--Rob