L2TP VPN and routing

[Thomas Themel]

Hi,

I managed to implement a L2TP-over-IPSEC solution that works nicely with
Windows Clients (2000/XP Pro). However, when the clients dial the VPN
connection in a "road warrior" setting, it seems that ALL traffic is
routed over the VPN connection instead of just the traffic that is
destined for the network the user connects to.

That's obviously not what I want since I pay for the traffic from the
road warrior to the Internet twice, plus it degrades performance.

What I'm trying to achieve is something on the order of

road warrior -> 192.168.0.0/16 over VPN
road warrior -> 172.16.0.0/16 over VPN
road warrior -> all others over normal Internet connection

Is there a way to configure this in a somewhat idiot-proof way? I know I
can try and write a script to figure out the necessary route add/route
delete stuff and teach users to manually run it after connecting, but
that doesn't seem like The Right Thing to me.

Using persistent routes is not possible either since the same users plug
their machines into the LAN directly and need to use the direct routes
there.

Any ideas?

ciao,

 

[Chris Cowling]

Tom,
This is a setting in the VPN connection on the client machines: Use
default gateway on remote network. This can be found in the advanced section
of the TCP/IP properties on the network tab of the connection properties.
When this box is unchecked the client will use it's own internet connection
rather than the VPN.
Hope this helps.....

Kind Regards

Chris Cowling, MCP

"Thomas Themel" <[email protected]>
wrote in message
news:slrnc5g9ls.8kd.themel-microsoft.public.win2000.networking@eristoteles.iwoars.net...