  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 816
  • Last Modified:

VPN: How do I redirect regular TCP traffic to decongest VPN tunnel

environment:
windows 7 shared folder
vpn server router: Asus rt-n16
bandwidth: 35d 5u
clients: Xp, Vista, Win 7
Issue: TCP traffic suffocates the VPN tunnel
please help me redirect the traffic to regular browsing and the vpn clients traffic to the tunnel.
0
Forinsight
Asked:
Forinsight
1 Solution
 
giltjrCommented:
This is done via routing tables.  You need to make sure that the routing tables are set up so that the default route goes directly to the Internet and that traffic to any IP address that must go over the VPN tunnel is routed over the VPN tunnel.

What type of VPN do you use?  Does it require a VPN client?  If so, typically the IP routes are set up by the group that manages the VPN client settings.
0
 
ForinsightAuthor Commented:
thank you for your reply.

i use asus rt-n16 vpn router as my vpn router and the windows vpn clients: xp, vista, win 7.
vpn clients are configured by windows native vpn connection. once connected to the router vpn server, windows 7 workgroup shared folders are accessed: big file for intuit tax proseries.

please provide a framework or links that i can do this properly with specific network routing for asus router vpn server and windows OSes.
0
 
footechCommented:
In the properties of your VPN connection, go to the Advanced Properties of TCP/IP, uncheck the box for "Use default gateway on remote network".
0
 
John HurstBusiness Consultant (Owner)Commented:
Native Windows VPN likes to exclude outside internet traffic, so if the above suggestions do not work, consider using a split tunnel client on the workstations. I use NCP Secure Entry (www.ncp-e.com) and it works fine giving me (and my clients) outside internet while keep tunnel traffic to the necessary activity. I use NCP with IPsec VPN, although it is supposed to work with PPTP VPN.

... Thinkpads_User
0
 
ForinsightAuthor Commented:
footech
it did not make any difference but just slightly slower.

thinkpads_user
still working on your suggestion.
0
 
giltjrCommented:
Do you know if you have multiple subnets at your work place? Or wherever the VPN server is at.

Do you know if your IP address on the VPN is within the same subnet as the hosts you need to access over the VPN?

If there is a single subnet and your computer is on that subnet when connected to the VPN then footech's suggestion should work.

If there are multiple subnets or you are not on the same subnet as all other hosts then you need to set up the routes needed after you connect to the VPN tunnel.  A script could be written, I did this for my work VPN.
0
 
ForinsightAuthor Commented:
of course, there are multiple subnets. as many as there are vpn client going through vpn server.

but, the vpn server isolates the connection to the regular LAN by dispensing dhcp ip's of different range for all vpn clients within the same subnet on the host.
0
 
giltjrCommented:
Just because there are multiple clients does not mean there are multiple subnets.  Different VPN servers work differently and can be setup differently.  I have seen some where all VPN clients and all servers were on the same subnet.


On your "regular LAN" do you have a single subnet or multiple subnets that you need to communicate with over the VPN connection?
0
 
ForinsightAuthor Commented:
giltjr
nope. i'm in a workgroup. all peers have different subnets of networks. they have different subnet masks. but if you mean one network with multiple subnets then, NO.

sorry... but why are you asking this question? is this relevant to our issue? please don't confuse me. kindly explain.

thinkpads_user
i experimented with ncp gmbh. it's a very secured vpn client. but when it would not connect no matter what, i began to wonder if it's compatible. NO!!! as specified above my vpn server is asus vpn router rt-n16. it's not compatible as it was not one of those listed.

do you have another recommendation?
0
 
giltjrCommented:
Yes, it is VERY relevant.  Say you only have a single IP subnet that you need to communicate with, what you can do is uncheck the "Use default gateway on remote network" as footech suggested.

Then with a simple Windows cmd file you define the needed routes that MUST go over the VPN tunnel.  However, in order to do this you must know:

1) Is there a single IP subnet on the other end of the tunnel or multiple IP subnets?
2) What the IP subnet or subnets are.
3) What the IP subnet is that gets assigned to you when you connect to the VPN server.

Do you know the above?
0
 
SteveCommented:
Hi Forinsight,

To confirm: you have multiple Windows clients independently dialling into a VPN held remotely.

If NON-VPN traffic is causing VPN issues, it's normally because of one of the following two causes:

a) Wrong Default gateway
b) DNS being directed via VPN
c) bandwidth of line is not high enough to support a VPN in addition to the normal traffic.


footech said:

In the properties of your VPN connection, go to the Advanced Properties of TCP/IP, uncheck the box for "Use default gateway on remote network".

So that's 'a' out of the way. If you have this setting enabled it forces ALL internet traffic through the VPN. This does seem to match your description of the symptoms so may be worth revisiting.

If you are sure this is not the issue, check into your DNS settings when connected to the VPN as this may be an issue. Shouldn't normally cause as much traffic as you seem to be describing, but it's worth a try.

Alternatively, you mention the bandwidth at your end, but don't mention the bandwidth at the server end. If the upload speed at the server's end isn't good enough you'll probably find the VPN runs like a dog.
0
 
ForinsightAuthor Commented:
giltjr
thank you for detailed explanation and the breadth of your vpn knowledge. to make it simple let's say that no matter how many subnets connect to the vpn server, they are stripped of their native ip's and then dispensed with an ip that falls within the ip pool for the network behind the router. that's why vpn clients can connect to the vpn server and the LAN, where the shared folders are, behind the router.

but i don't like to go that route ie. routing cmd file etc. testing the thinkpads_user recommendation of ncp secured vpn client where i can split the tunnel, i've found the ways (just from the manual and configuring the software although failed to hit the vpn gateway) where i could decongest the tunnel. the only problem is that it is not compatible with my vpn server. do you know of any secured vpn client (free if possible) that can split the tunnel?
0
 
ForinsightAuthor Commented:
totallytonto
i'll give you a reply soon.
0
 
giltjrCommented:
"to make it simple let's say that no matter how many subnets connect to the vpn server, they are stripped of their native ip's and then dispensed with an ip that falls within the ip pool for the network behind the router."

I think you are looking at this from the wrong side.  Here is what I am talking about:

YourSite <------ VPN -----> OtherSite <----- OtherSite Network -----> Servers at OtherSite

How many subnets are there at your Work?  I am assuming that you are connecting to your work.  The VPN server at the other site is not going to NAT the Ip addresses of the servers at the other site.  You are going to access those servers using their real IP addresses, at least typically this is done.


The route command I am talking about will setup a split tunnel.  But you need to know what IP addresses at the "OtherSite" you are going to access so that the routing table can be updated/changed to route the proper addresses over the tunnel and everything else over the Internet.
0
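
The split-tunnel routing discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of route selection (longest prefix, then lowest metric) showing which traffic uses the tunnel with "Use default gateway on remote network" checked and unchecked, plus the `route add` lines a post-connect cmd file would contain. All addresses, metrics and the choice of VPN gateway are constructed assumptions.

```python
import ipaddress

def route(net, via, iface, metric):
    return {"net": ipaddress.ip_network(net), "via": via, "if": iface, "metric": metric}

def build_table(lan_gw, vpn_gw, vpn_subnet, extra_subnets, remote_default_gw):
    """Simplified model of a client's IPv4 route table once the VPN is up."""
    table = [route("0.0.0.0/0", lan_gw, "LAN", 20),   # normal Internet path
             route(vpn_subnet, vpn_gw, "VPN", 1)]      # subnet the VPN adapter sits in
    if remote_default_gw:
        # Box checked: a lower-metric default route through the tunnel wins,
        # so ordinary browsing also crosses the VPN and congests it.
        table.append(route("0.0.0.0/0", vpn_gw, "VPN", 1))
    # Routes a post-connect cmd file would add for further subnets behind the server.
    table += [route(s, vpn_gw, "VPN", 1) for s in extra_subnets]
    return table

def pick_route(table, dest):
    """Longest prefix wins; equal prefixes are decided by the lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in r["net"]]
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def route_add_lines(vpn_gw, extra_subnets):
    """One Windows 'route add' line per remote subnet that must use the tunnel."""
    nets = [ipaddress.ip_network(s) for s in extra_subnets]
    return [f"route add {n.network_address} mask {n.netmask} {vpn_gw}" for n in nets]

# Constructed sample values (private and documentation ranges), not from the thread.
LAN_GW, VPN_GW = "192.168.0.1", "192.168.10.1"
VPN_SUBNET, OTHER_SUBNET = "192.168.10.0/24", "192.168.20.0/24"
WEB_HOST, SAME_NET_HOST, OTHER_NET_HOST = "203.0.113.10", "192.168.10.5", "192.168.20.7"

def demo():
    full = build_table(LAN_GW, VPN_GW, VPN_SUBNET, [], True)
    split = build_table(LAN_GW, VPN_GW, VPN_SUBNET, [], False)
    split_routed = build_table(LAN_GW, VPN_GW, VPN_SUBNET, [OTHER_SUBNET], False)
    return {
        "full tunnel, web": pick_route(full, WEB_HOST)["if"],
        "split, web": pick_route(split, WEB_HOST)["if"],
        "split, host in VPN subnet": pick_route(split, SAME_NET_HOST)["if"],
        "split, host in other subnet, no route": pick_route(split, OTHER_NET_HOST)["if"],
        "split, host in other subnet, routed": pick_route(split_routed, OTHER_NET_HOST)["if"],
    }

if __name__ == "__main__":
    for case, iface in demo().items():
        print(f"{case}: {iface}")
    print("\n".join(route_add_lines(VPN_GW, [OTHER_SUBNET])))
```

The "no route" case is why the number of remote subnets matters: with the box unchecked and no explicit route, traffic for a second remote subnet follows the default route out the local Internet connection instead of the tunnel.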
