1

I need to configure split tunnelling with persistent routes for 2 VPN connections on the same computer as the user needs to connect to 2 different corporate servers at the same time. I have a problem though as the VPN interface # varies in some instances and thus the routes are not being used properly and consistently when the VPN connections are established.

Here are the routes I added:

route add -p 192.168.10.0 mask 255.255.255.0 0.0.0.0 IF 24
route add -p 10.8.18.0 mask 255.255.255.0 0.0.0.0 IF 23

24 being the VPN interface number for VPN 1, 23 for VPN 2. See below.

C:\Windows\system32>route print
===========================================================================
Interface List
 24...........................VPN 1
 23...........................VPN 2
 17...da d1 cb e2 2c ad ......Apple Mobile Device Ethernet
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

If I add the routes after connecting to the VPNs then it all works fine but if I disconnect the two VPN connections and then reconnect them in a different order, then the routes are messed up and obviously I can't access the remote networks.

Is there any other way to make the route use a specific interface persistently?

Hanuman

2 Answers

2

When multiple VPNs connect in random order, their interface IDs change. Therefore the normal ROUTE -P ADD 10.0.0.0 MASK 255.255.0.0 10.0.0.1 IF 42 does not work. The next time the VPN connects it might have a different interface number.

PowerShell has a cmdlet available that adds routes on VPN connection and removes them again when the VPN is disconnected: Add-VpnConnectionRoute. It works without having to specify the interface ID.

The basic syntax is like this:

Add-VpnConnectionRoute -ConnectionName "VPN Connection Name" -DestinationPrefix 10.0.0.0/16

After entering this command, the routes will be created/removed automatically on connection/disconnection of the VPN.

ErikvO
  • I tried PowerShell. It returns the following error:
    PS C:\WINDOWS\system32> Add-VpnConnectionRoute -ConnectionName "VPN 1" -DestinationPrefix "192.168.10.0/16"
    Add-VpnConnectionRoute : Invalid parameter DestinationPrefix 192.168.10.0/16. : The parameter is incorrect.
    At line:1 char:1
    + Add-VpnConnectionRoute -ConnectionName "VPN 1" -DestinationPref ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidArgument: (VPN 1:root/Microsoft/...ConnectionRoute) [Add-VpnConnectionRoute], CimException
        + FullyQualifiedErrorId : WIN32 87,Add-VpnConnectionRoute
    – Hanuman Mar 14 '16 at 04:49
  • I think the IP range you provided might be invalid: 192.168.10.0/16. I think it should either be 192.168.0.0/16 or 192.168.10.0/24. – ErikvO Mar 15 '16 at 12:01
  • Yeah that was dumb of me. It works now. Thank you. – Hanuman Mar 15 '16 at 13:18
  • How do I do something similar to `route PRINT` in PowerShell? – Tilo Dec 22 '17 at 22:52
  • OK, any reference to "Add-VPNConnectionRoute" in PowerShell is Windows 10 only. That command is not supported in Windows 7, so if you're running Windows 7 we're still screwed until someone finds a way. – user3513074 May 10 '18 at 05:29
  • Actually, according to the technet link I provided it works from Windows 8.1 and up, but you're right: Windows 7 (and 8.0) users still have a problem. – ErikvO May 11 '18 at 11:32
  • @Tilo: similar to route print: `(Get-VpnConnection -Name $Name -AllUserConnection).routes` – lese Dec 03 '20 at 12:45
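
An added example (not part of the answer or comments above) that applies the answer's cmdlet to the two connections from the question and first rejects any prefix with host bits set, the mistake behind the `WIN32 87` error in the comments. `Test-NetworkPrefix` is a hypothetical helper, and the connections are assumed to be per-user connections named `VPN 1` and `VPN 2`.

```powershell
# Added example. Connection names and subnets are taken from the question;
# Test-NetworkPrefix is a hypothetical helper, not a built-in cmdlet.
function Test-NetworkPrefix {
    param([Parameter(Mandatory)][string]$Prefix)
    # True only for an IPv4 CIDR prefix whose host bits are all zero.
    $addr, $len = $Prefix -split '/', 2
    if ($addr -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    if ($len -notmatch '^\d+$' -or [int]$len -gt 32) { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    $bytes = $ip.GetAddressBytes()
    [array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    $value    = [long][BitConverter]::ToUInt32($bytes, 0)
    $hostMask = [long]([math]::Pow(2, 32 - [int]$len) - 1)
    return ($value -band $hostMask) -eq 0
}

$routes = @(
    @{ Vpn = 'VPN 1'; Prefix = '192.168.10.0/24' },
    @{ Vpn = 'VPN 2'; Prefix = '10.8.18.0/24' }
)

foreach ($r in $routes) {
    if (-not (Test-NetworkPrefix $r.Prefix)) {
        # 192.168.10.0/16 would land here instead of failing with WIN32 87.
        Write-Warning "Skipping $($r.Prefix): host bits are set for that mask"
        continue
    }
    $vpn = Get-VpnConnection -Name $r.Vpn
    if (-not $vpn.SplitTunneling) {
        Write-Warning "$($r.Vpn): split tunnelling is off, so all traffic uses the VPN"
    }
    # Assumes the route objects expose DestinationPrefix, as on Windows 10.
    if ($vpn.Routes.DestinationPrefix -notcontains $r.Prefix) {
        Add-VpnConnectionRoute -ConnectionName $r.Vpn -DestinationPrefix $r.Prefix
    }
    # Routes now bound to the connection, whatever interface index it gets.
    (Get-VpnConnection -Name $r.Vpn).Routes
}
```
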
-1

And what if you added a router instead and used http://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html? That way you could do what you want, if I am correct.

St3f4n