VPN routing script

Most of us are typically connecting to one or many different client networks from various locations throughout the day, while others (present company included) may be logged into the same VPN tunnel day after day after day.

The default behavior when using a built-in Windows XP Virtual Private Network connection (as well as on some third-party clients, depending on configuration) is to set the default gateway to the VPN connection. This effectively routes all remote traffic over the tunnel, which can cause numerous headaches. For one, at the time of connection, currently running apps like Office Communicator, Live Messenger, and Outlook will temporarily lose their connection to their server and either automatically reconnect or require manual intervention. Another issue is that the ability to browse the Internet from your workstation is limited by the remote client’s routes, rules, and bandwidth.

Since it is preferable to use your local Internet connection for all outbound traffic and limit traffic to the VPN connection to desired requests only, I wrote a simple command line script that does this, which can be downloaded from the attached zip file at the bottom of this post.

  • Before using the script, edit the Advanced TCP/IP properties of the VPN connection, and uncheck "Use default gateway on the remote network"

    : This script will search the ipconfig command output for a specific
    : subnetwork string and capture the network portion of the IP. It
    : will then use that captured variable to add multiple routes.
    : This specific iteration and version is used to set routes to a
    : network after connecting to their VPN host.  It assumes that the
    : network portion of the leased IP address will not be different
    : from the defined SUBNET variable.  Update that variable declaration
    : if it does in fact change.
    : VERSION:	1.2
    : USAGE:    Modify SUBNET variable
    :	Create valid route statements for unique networks
    : COMMAND LINE: [script name]
    : REQUIREMENTS: 'ipconfig.exe' must be located in %PATH%.
    @echo off
  • Modify the SUBNET value to match the network number of the IP address given to your client by the VPN connection. The command ipconfig /all will display the needed information.
    PPP adapter VPN:
            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . :
            Subnet Mask . . . . . . . . . . . :
    : This variable is the network portion of the IP address.
    : usage: "set SUBNET=[NETWORK]"
    set SUBNET=10.10.10
    : Set temporary files
    set TFILE=routes.tm1
    set OFILE=routes.tm2
    if exist %TFILE% del %TFILE%
    if exist %OFILE% del %OFILE%
    : Discover host portion of VPN-assigned IP address
    ipconfig >> %TFILE%
    findstr /i /c:"%SUBNET%." %TFILE% >> %OFILE%
    for /f "tokens=16 delims=." %%i in (%OFILE%) do set IP=%%i
  • Enter a new route statement for each desired remote subnetwork. Delete the existing lines in this script as they are examples only.
    : Add temporary routes to remote networks
    : usage: "route add [NETWORK] mask [SUBNET MASK] %SUBNET%.%IP%"
    route add mask %SUBNET%.%IP%
    route add mask %SUBNET%.%IP%
    : Temporary File Cleanup
    if exist %TFILE% del %TFILE%
    if exist %OFILE% del %OFILE%
  • Once it’s set up, simply open the VPN connection, and then run this from the command line, a shortcut, or however you like.
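
The discovery step depends on a fixed token position in the `ipconfig` output and on a plain string match against SUBNET. As an added example (Python, not part of the original script), the sketch below does the same lookup more strictly: it reads only address lines, checks subnet membership numerically, refuses to continue unless exactly one address matches, and builds the `route add` lines without running them. It goes slightly beyond the script by also accepting the `IPv4 Address` label used by later Windows versions; the sample output and the remote networks are constructed.

```python
import ipaddress
import re

# Constructed sample of XP-style `ipconfig` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home.example
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter VPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.10.10.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
"""

# Match address lines only, so gateway or DNS lines in the same subnet are ignored.
ADDR_LINE = re.compile(r"^\s*IP(?:v4)? Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")

def find_vpn_address(ipconfig_text, vpn_net):
    """Return the single address inside vpn_net, or raise if none or several."""
    net = ipaddress.ip_network(vpn_net)
    hits = []
    for line in ipconfig_text.splitlines():
        m = ADDR_LINE.match(line)
        if m and ipaddress.ip_address(m.group(1)) in net:
            hits.append(m.group(1))
    if len(hits) != 1:
        raise ValueError(f"expected one address in {vpn_net}, found {hits}")
    return hits[0]

def build_route_commands(ipconfig_text, vpn_net, remote_nets):
    """Build (not run) one `route add` line per remote network."""
    gateway = find_vpn_address(ipconfig_text, vpn_net)
    cmds = []
    for cidr in remote_nets:
        n = ipaddress.ip_network(cidr)  # raises if host bits are set
        cmds.append(f"route add {n.network_address} mask {n.netmask} {gateway}")
    return cmds

if __name__ == "__main__":
    # Remote networks below are constructed placeholders.
    for cmd in build_route_commands(SAMPLE_IPCONFIG, "10.10.10.0/24",
                                    ["172.16.20.0/24", "172.16.32.0/20"]):
        print(cmd)
```

Failing when zero or several addresses match avoids adding routes that point at a stale or wrong gateway, for example when the tunnel is not up yet.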
