Tips From the Windows Pros: Manually Adding Routing Information

As I discussed previously (the bit about a can of worms), if you use Virtual Private Networking to connect to a remote network with more than one subnet, you can let Windows set the default gateway to be the remote network. This way, you can contact all the hosts on the remote network and its subnets. Unfortunately, all of your Internet traffic will travel through the tunnel, too, slowing you down. The remote network might not even permit outgoing Internet access.

The alternative is to disable the use of the default gateway and manually add routes to any subnets known to belong to the private network. You can do so at the command line by using the route command, which looks like this:

 route add subnet mask netmask gateway 

The subnet and netmask arguments are the addresses for additional networks that can be reached through the gateway address gateway. To add a route, you must know the IP address information for the remote subnets and your gateway address through the VPN.

You must get the subnet numbers from the network administrator on the remote end. You can find the gateway address from your own computer. Connect to the remote VPN, open a command prompt, and type ipconfig. One of the connections printed will be labeled PPP Adapter or L2TP Adapter. Note the IP address listed. This address can be used as the gateway address to send packets destined for other remote subnets.

Suppose you're connecting to a VPN host through a connection named VPN to Client and find these connection addresses:

 PPP adapter VPN to Client:       IP Address. . . . . . .  192.168.005.226       Subnet Mask . . . . . .  255.255.255.255       Default Gateway . . . .  192.168.005.226 

Now, suppose you know that there are two other subnets on the remote network: 192.168.10.0 mask 255.255.255.0, and 192.168.15.0 mask 255.255.255.0. You can reach these two networks by typing two route commands:

 route add 192.168.10.0 mask 255.255.255.0 192.168.005.226 route add 192.168.15.0 mask 255.255.255.0 192.168.005.226 

Each route command ends with the IP address of the remote gateway address (it's called the next hop).

Check your work by typing route print and looking at its output. You should see only one destination labeled 0.0.0.0; if you see two, you forgot to disable the use of the remote network as the default gateway. See that the two routes you added are shown.

To avoid having to type all this every time, you can use another neat trick. You can put a rasdial command and route commands in a batch file, like this:

 @echo off rasphone -d "VPN to Client" route add 192.168.10.0 mask 255.255.255.0 192.168.005.225 route add 192.168.15.0 mask 255.255.255.0 192.168.005.225 

The rasphone command pops up the connection dialer. When the connection is made, the two routes are added, and you're all set. With this setup, you'll need the network administrator to give you real RAS gateway address of the remote VPN server to use as the "next hop"of the route commands. With a shortcut to this batch file you can connect and set up the routes with just a click.

When you disconnect the VPN connection, Windows removes the added routes automatically.

For more information about rasdial and route, click Start, Help and Support, and search for the commands by name.