add static route to VPN connection

[Franz Schenk]

We have to add a static route to our XP Clients that connect over L2TP/IPSec
to a VPN Server.

Adding the route without specifying the interface doesn't work, we get an
error message that the route cannot be added.

But establishing the VPN connection, then determine the interface with
"route print", then adding the route with specifying the interface of the
WAN (PPP/SLIP) Interface works fine and we have the functionality we need.
The route we want is successfully added as the printscreens from the command
prompt below shows.

Unfortunately, Windows XP changes the VPN Interface name every time when the
VPN connection is disconnected and reastablished! The first time, the WAN
interface has the name 0x20004, the second time 0x40004 etc. (see
printscreen from route print below).

Does anyone have an idea how we can "tell" Windows XP that the VPN Interface
should have the same name every time when the VPN connection is established,
or another solution to permanently add the route to the VPN Interface of the
XP workstations? (I know that with CMAK, it's possible to add routes after
establishing a connection, but we don't want to use CMAK if possible).

Thanks in advance for any help!
Franz


P:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...00 80 c7 df a3 db ...... Xircom Ethernetadapter 10/100
0x60004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Anzahl
0.0.0.0 0.0.0.0 10.10.10.1 10.10.10.74 30
10.10.10.0 255.255.255.0 10.10.10.74 10.10.10.74 30
10.10.10.74 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.10.10.74 10.10.10.74 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.29.0.0 255.255.0.0 172.29.16.84 172.29.16.84 1
172.29.16.84 255.255.255.255 127.0.0.1 127.0.0.1 50
172.29.255.255 255.255.255.255 172.29.16.84 172.29.16.84 50
193.135.215.141 255.255.255.255 10.10.10.1 10.10.10.74 30
224.0.0.0 240.0.0.0 10.10.10.74 10.10.10.74 30
224.0.0.0 240.0.0.0 172.29.16.84 172.29.16.84 50
255.255.255.255 255.255.255.255 10.10.10.74 10.10.10.74 1
Standardgateway: 10.10.10.1
===========================================================================
Ständige Routen:
Keine

P:\>route add 172.0.0.0 mask 255.0.0.0 172.29.16.1 if 0x60004

P:\>

-----------------------------------

P:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...00 80 c7 df a3 db ...... Xircom Ethernetadapter 10/100
0x60004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Anzahl
0.0.0.0 0.0.0.0 10.10.10.1 10.10.10.74 30
10.10.10.0 255.255.255.0 10.10.10.74 10.10.10.74 30
10.10.10.74 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.10.10.74 10.10.10.74 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.0.0.0 255.0.0.0 172.29.16.1 172.29.16.84 1
172.29.0.0 255.255.0.0 172.29.16.84 172.29.16.84 1
172.29.16.0 255.255.255.128 172.29.16.84 172.29.16.84 1
172.29.16.84 255.255.255.255 127.0.0.1 127.0.0.1 50
172.29.255.255 255.255.255.255 172.29.16.84 172.29.16.84 50
193.135.215.141 255.255.255.255 10.10.10.1 10.10.10.74 30
224.0.0.0 240.0.0.0 10.10.10.74 10.10.10.74 30
224.0.0.0 240.0.0.0 172.29.16.84 172.29.16.84 50
255.255.255.255 255.255.255.255 10.10.10.74 10.10.10.74 1
Standardgateway: 10.10.10.1
===========================================================================
Ständige Routen:
Keine

P:\>

**** The route 172.0.0.0 is successfully added ****

 

[Robin Walker]

But establishing the VPN connection, then determine the interface with
"route print", then adding the route with specifying the interface of the
WAN (PPP/SLIP) Interface works fine and we have the functionality we need.
The route we want is successfully added as the printscreens from the
command
prompt below shows.

Unfortunately, Windows XP changes the VPN Interface name every time when
the
VPN connection is disconnected and reastablished! The first time, the WAN
interface has the name 0x20004, the second time 0x40004 etc. (see
printscreen from route print below).

Yes, this is an absolute pain with Windows. The required syntax of the
"route" command is an abomination, and the lack of names for interfaces is
unhelpful (as you say, the numbers change each time, and the IP address of
the VPN link is unpredicatble).

I worked around this problem by writing a VBScript that analysed the routing
table, worked out which interface the VPN was, and then generated the
correct "route" commands to add routes to the VPN link.

 

[Jeffrey Randow (MVP)]

You can add static routes in the Active Directory Users & Computers
for Remote connections.... This makes things a bit easier...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Bill Sanderson]

Slick--I did not know that!

You can add static routes in the Active Directory Users & Computers
for Remote connections.... This makes things a bit easier...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Franz Schenk]

Thanks, this seems a very good solution, but it doesn't work and I
misunderstand something (and haven't found help on the Micosoft Website,
Helpfiles or elsewhere): In my opinion, defining a static route requires at
least three parameters: Destination Network, Mask, Destination (or Gateway
for the route).
And in "AD Users Computers" in the Dial-In Properties of a user, when
creating a static route, it's NOT possible to specify the destination
(Gateway) of the static route.

Can you or anyone else explain this?
Thank you all in advance for the help!

Franz

 

[Franz Schenk]

Hi Robin

Do you mind to post the script to the NG? I know that it's not very complex,
but if you write a VB script two to three times a year like me, it still
takes 2 to 3 hours until it's working.

Thank you in advance, if this is possible!
Franz

 

[Jeffrey Randow (MVP)]

It adds a static route on your VPN/RAS link...
(See
http://www.microsoft.com/technet/pr...s/activedirectory/deploy/depovg/advpnddd.mspx
for more information)

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Jeffrey Randow (MVP)]

You can do this manually by using WMI... But unless this machine is a
domain member, you will need to run this script manually or build it
into a CMAK script...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Franz Schenk]

Thanks for the link below, but this describes how to build a routing
topology with RRAS and demand dial interfaces, and has nothing to do with
the problem of adding a route to a VPN Client System. I know that it is easy
to add a static route in Routing and remote access.

The questions that are still unanswered are the followings:
- How is it possible to automatically adds a static route after establishing
a VPN connection, without using CMAK?
- Why is it not possible to specify the default gateway in the "add static
route option" of the dial-in options of a user object in active directory
users and computers ??? In my opinion, defining a static route requires at
least three parameters: Destination Network, Mask, Destination (or Gateway
for the route).

Thanks to all who are able to answer one/both of these questions!
Franz