0

Our company network is 10.0.0.0/24 (not /8 as the class suggests, this wasn't my decision, and sadly can't be changed). We set up an RRAS VPN server. Windows 7 clients are advised to be set up not to use this VPN as the default gateway. So when these clients connect, they create a 10.0.0.0/8 route for the VPN, instead of /24.

I think I figured out why: in the IPv4 properties, there's this checkbox: "disable class based route addition". When unchecked, it creates a route based on the class, /8. When checked, no 10.0.0.0 route is created at all. So my question is: it is possible to specify on the RRAS server what route/netmask the client should use? I'm guessing that the client receives a netmask from the DHCP server, so this should be possible.

The above can be a simple netmask issue, so here's a more general case. Let's suppose that the company has another network, 192.168.0.0/16. Is there any way to configure the RRAS server to tell the clients to create a 192.168.0.0/16 route, in addition to 10.0.0.0/x? I know, one workaround is to use the VPN as a default gateway, and another is to run client-side batch files to do the job.

splattne
  • 28,508
  • 20
  • 98
  • 148
fejesjoco
  • 89
  • 3
  • 14
  • "(not /8 as the class suggests" - Classes were abandoned a long time ago. CIDR - the new standard - has no classes anymore. – TomTom Apr 19 '11 at 10:31
  • True as it may be, the Windows dialog still suggests that the route is class based. Their choice of words, not mine. – fejesjoco Apr 19 '11 at 10:42

1 Answers1

2

The general case solution is to configure your DHCP server to provide the proper routes to the client via option 121, "Classless Static Routes". The Windows 7 DHCP client will send a DHCPINFORM after connecting to the VPN and should receive the routes from the DHCP server.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • Forgot to mention that the RRAS assigns IP's from a static pool. (DHCP is the other option on that dialog. I guess RRAS is acting as a DHCP server, and if I choose the DHCP option instead of the static pool, it would forward requests to the LAN DHCP server.) Anyway, there's not much to configure here other than the start and end addresses. – fejesjoco Apr 19 '11 at 12:16
  • Well, it seems like this is not the answer to my actual questions, because the netmask is decided by the VPN client, and the server can't influence that. So the only way is, as you said, setting up a DHCP server. – fejesjoco Apr 20 '11 at 08:24
  • try this: http://serverfault.com/questions/313589/how-to-set-up-routing-for-rras-vpn-connections – Bron Davies Sep 21 '11 at 21:16