I have the following situation:

VPN with Server 1:
- Server IP: 10.8.4.1
- Client IP Range: 10.8.4.1 to 10.8.4.254
- Netmask: 255.255.255.0

VPN with Server 2:
- Server IP: 10.8.5.1
- Client IP Range: 10.8.5.1 to 10.8.5.254
- Netmask: 255.255.255.0

I control both servers completely. Now I want to connect with one and the same client to both servers while keeping a direct connection to the internet. Just requests to the 10.8.4.0 network should go to 10.8.4.1 and just requests to the 10.8.5.0 network should go to 10.8.5.1.

To reach this goal, I cleared the "Use remote gateway" checkbox in the two VPN connections. This allows me to simultaneously use the internet resources and the VPN connections. But the problem is that both connections add a class-based route to my routing table.

So, if I connect to both VPN servers simultaneously, I get the following two rules:

10.0.0.0   255.0.0.0   10.8.5.1
10.0.0.0   255.0.0.0   10.8.4.1

Now just one VPN connection (the one with the lower metric) works because the first route routes all traffic to 10.0.0.0 to the first server's gateway. What I want to achieve is to get the following routes created on connecting to the VPN servers:

10.8.5.0   255.255.255.0   10.8.5.1
10.8.4.0   255.255.255.0   10.8.4.1

If I check the "Disable class based route addition" checkbox of the connection, the two routes are not being created. But I want them to be created, just not as 10.0.0.0 but as 10.8.5.0 or 10.8.4.0 respectively.

I tried to add a static route in the dial-in user's properties on the server. But this didn't have any effect either. I understand that my goal could be achieved using a batch file which connects to the VPN server and subsequently modifies the routing table accordingly. But I wonder whether or not this can be configured on the server?

TOG

2 Answers

You need to fix the VPN servers so that they use 10.8.5.0/24 and 10.8.4.1/24 subnetworks in their configurations. After all, it is the VPN server that hands out IP configuration information to the clients.

Tero Kilkanen
  • This is what I expected as well. Actually I think the server's configuration **is set to** 10.8.5.0/24. Let me describe my server's configuration in more detail: I use the "Routing and Remote Access" console. Right-click on the server > Properties: check "IPv4 Router" and "LAN and demand-dial routing" and "IPv4 Remote access server". On the tab IPv4: "Static address pool", From: "10.8.5.1", To: "10.8.5.254", IP Address: "10.8.5.0", Mask: "255.255.255.0". I understand that this is the configuration for the DHCP clients in that network. But where can I configure the routes created on clients? – TOG Feb 08 '17 at 07:25

I found a solution which may be appropriate for certain environments (not for mine unfortunately, but anyway):

Just use a C class network instead of an A class network. You can e.g. use the following configuration for the server:
- Server IP: 192.168.4.1 (instead of 10.8.4.1)
- Client IP Range: 192.168.4.1 to 192.168.4.254 (instead of 10.8.4.1 to 10.8.4.254)
- Netmask: 255.255.255.0 (same as in the question's configuration)

Using this configuration, the client creates a route for the C class network 192.168.4.0 (if the "Enable Class Based Route Creation" switch in the connection's properties is set accordingly).

I did not figure out though, how to configure RRAS the desired way (that the server informs the client about certain static routes).

TOG
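The client-side alternative the question mentions (fixing the routing table from a script instead of from the server), as an added example that is not part of the original posts: it attaches one /24 route to each VPN profile so Windows installs it on connect, then checks the result. The connection names `VPN Server 1` and `VPN Server 2` are assumptions, and "Disable class based route addition" is assumed to be checked on both connections as described in the question.

```powershell
# Added example, not from the original thread.
# Assumed profile names; the prefixes are the ones given in the question.
$routes = @{
    'VPN Server 1' = '10.8.4.0/24'
    'VPN Server 2' = '10.8.5.0/24'
}

foreach ($name in $routes.Keys) {
    $prefix = $routes[$name]

    # Same effect as clearing the remote-gateway checkbox:
    # the default route stays on the local internet gateway.
    Set-VpnConnection -Name $name -SplitTunneling $true

    # Bind the /24 to the profile once. Windows adds the route when the
    # connection comes up and removes it again on disconnect.
    $existing = (Get-VpnConnection -Name $name).Routes |
        Where-Object { $_.DestinationPrefix -eq $prefix }
    if (-not $existing) {
        Add-VpnConnectionRoute -ConnectionName $name -DestinationPrefix $prefix
    }
}

# Run after both connections are dialed.
# A leftover classful route would still pull all of 10.0.0.0/8 into
# whichever tunnel has the lower metric, which is the failure in the question.
$classful = Get-NetRoute -DestinationPrefix '10.0.0.0/8' -ErrorAction SilentlyContinue
if ($classful) {
    Write-Warning 'Classful 10.0.0.0/8 route still present:'
    $classful | Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
}

# Each /24 should appear exactly once, on its own VPN interface.
foreach ($prefix in $routes.Values) {
    $found = Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue
    if ($found) {
        $found | Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
    } else {
        Write-Warning "No route for $prefix (is the connection up?)"
    }
}
```

This changes only the client; it does not make RRAS push routes, which is what the question asks about.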