6

How does a routing and remote access server pick up routes to advertise to clients, and where can a list of routes being provided be reviewed?

One of our users is reporting that the server is advertising a route which is valid, but has never been entered in the static routes section of the RRAS server, or told/provided to them at any time. In fact the static route section is currently empty.

RIP is not configured at this time, so it's not coming from there that I can tell.

We are using PPTP, not L2TP.

Devnull

2 Answers

4

There is no way to push routes from a PPTP server. The connection is established and configured using IPCP, the PPP Internet Protocol Control Protocol defined in RFC 1332. In fact, its very name ("Point to Point") implies that you won't find any support for routing.

Which routes are available depends entirely on the client-side configuration. There are three different ways to configure the client.

  1. Use default gateway on remote network. This allows you to access all remote networks, but prevents you from accessing local networks.
  2. Class-based route addition. If you aren't using method #1, then most clients will set up a route based on the IP address of the PPTP adapter.
  3. For Windows clients, you can use CMAK to configure a connection profile and deploy that to your VPN clients. Essentially you are creating a script to add custom routes when the PPTP connection is open.
Nic
  • It appears that at least the Windows VPN client will issue a DHCPINFORM request after the VPN connection has been established. DHCP Option 121 (https://tools.ietf.org/html/rfc3442) can be used to inform the client of additional routes. – Oskar Berggren Feb 10 '15 at 16:39
  • I can confirm that DHCP Option 121 can be used for pushing static routes to clients. – Stoinov Aug 28 '17 at 19:38
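
Added example, not part of the original answer or its comments: a Python sketch for reviewing the two route sources mentioned above, decoding a captured DHCP Option 121 payload (RFC 3442 encoding) and computing the network a class-based client would derive from its PPTP adapter address. The function names and sample bytes are constructed for illustration, and the class-based calculation assumes the classic A/B/C boundaries.

```python
import ipaddress

# Constructed sample: raw payload of DHCP option 121 as it might appear in a
# DHCPACK answering the client's DHCPINFORM (addresses are made up).
SAMPLE_OPTION_121 = bytes([24, 192, 168, 50, 10, 8, 0, 1,
                           16, 172, 16, 10, 8, 0, 1])

def decode_option_121(data: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination
    octets (ceil(prefix/8) of them), then a 4-byte router address."""
    routes, i = [], 0
    while i < len(data):
        prefix_len = data[i]
        if prefix_len > 32:
            raise ValueError(f"bad prefix length {prefix_len} at offset {i}")
        n = (prefix_len + 7) // 8          # destination octets actually sent
        end = i + 1 + n + 4
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + n] + bytes(4 - n))
        # strict=False tolerates stray host bits instead of rejecting the entry
        net = ipaddress.IPv4Network((dest, prefix_len), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:end])))
        i = end
    return routes

def classful_route(adapter_ip: str):
    """Network a client using class-based route addition would derive from
    the address assigned to its PPTP adapter (assumed A/B/C boundaries)."""
    addr = ipaddress.IPv4Address(adapter_ip)
    first = addr.packed[0]
    if first < 128:
        prefix_len = 8
    elif first < 192:
        prefix_len = 16
    elif first < 224:
        prefix_len = 24
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.IPv4Network((addr, prefix_len), strict=False)

if __name__ == "__main__":
    for net, router in decode_option_121(SAMPLE_OPTION_121):
        print(f"option 121 route: {net} via {router}")
    print("class-based route:", classful_route("10.8.0.23"))
```

Comparing this output with the client's routing table after connecting shows whether an unexpected route came from the DHCP scope or from the client's own class-based addition.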
0

Part of the PPTP exchange can include a route. You can also configure Windows to download a route-file which can have as many custom routes as you want. Honestly, I would not suggest using PPTP in a production environment, as it has some known security flaws and is not as reliable as L2TP over IPSEC.

TheCompWiz
  • So where are the routes in the exchange identified? I've never specified any. – Devnull Dec 19 '11 at 16:52
  • It should really only have a route to all networks attached to the VPN server... (local networks) or one default route that covers everything. – TheCompWiz Dec 20 '11 at 17:44