Setting Static Routes with PowerShell when connecting to a PPTP VPN
Sometimes as a consultant I have a need to connect to customer or client networks to carry out some of the work. This typically involves a myriad of different remote connection and VPN style systems. Some are better than others and while it’s possible to use different VMs to connect to them, that’s not always practical. Typically I only want traffic destined for the remote system(s) to go down the VPN, not all of my Internet traffic.
Many reasons for this, but one of the top ones is that it sends my Lync client used for internal communication into a frenzy of disconnecting / re-connecting to conversations if the VPN connection drops any time during the day. This leads to timed out messages and half the time wondering if the message got through, whether to send it again and generally a pretty frustrating experience.
One of the VPN connections I need to use is pretty basic and uses a PPTP connection created via the built-in wizard in Windows.
I hadn’t used one of these for a long time and thankfully a colleague pointed out to me the other day that by changing its configuration it was possible not to send all of your Internet traffic down it.
Clearing the setting "Use default gateway on remote network" (on the IPv4 properties of the VPN connection) will stop all Internet-destined traffic heading down that connection; only traffic for which you add an explicit route will use it.
Then we simply need to add a static route for the subnet we want to reach via the VPN, using the address the VPN server allocated to us as the gateway. So it will be something like:

```powershell
route add 172.15.36.0 mask 255.255.0.0 172.100.25.37 metric 1
```

Make sure the destination is the network address for the mask you give: 172.15.36.0 only pairs with a mask such as 255.255.255.0, while a 255.255.0.0 mask covers 172.15.0.0. The route is deliberately not persistent (no -p flag), because the gateway address is different on every connection.
However, the IP I’m allocated from the VPN server (172.100.25.37 above) may change every time I connect to the VPN.
So I put together the below function which will grab the IP that has been allocated and use it in the route add command. Since I wanted to support downlevel OSs for people like me using Windows 7, I went with ipconfig to get this info rather than the newer networking cmdlets like Get-NetIPAddress. Consequently, I used this really handy tip on filtering ipconfig output.
Then all I need to do is run the following (note: make sure your PowerShell session has elevated privileges, as route add fails without them):

```powershell
Set-VPNRoute -VPNNetwork 172.100.25 -RouteNetwork 172.15.36.0 -RouteMask 255.255.0.0
```
```powershell
function Set-VPNRoute {
<#
.SYNOPSIS
Set a route for VPN traffic
.DESCRIPTION
Finds the IPv4 address the VPN server allocated to this machine (the first
address in ipconfig output that starts with VPNNetwork) and adds a static
route for RouteNetwork/RouteMask via that address. Requires an elevated session.
.PARAMETER VPNNetwork
First three octets of the VPN-assigned address, e.g. 172.100.25
.PARAMETER RouteNetwork
Target network address, e.g. 172.15.36.0
.PARAMETER RouteMask
Target netmask, e.g. 255.255.255.0
.INPUTS
System.String.
.OUTPUTS
None.
.EXAMPLE
PS> Set-VPNRoute -VPNNetwork 192.168.200 -RouteNetwork 192.168.60.0 -RouteMask 255.255.255.0
#>
[CmdletBinding()]
Param (
    [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [String]$VPNNetwork,
    [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [String]$RouteNetwork,
    [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [String]$RouteMask
)

# route add needs an elevated token; fail early with a clear message
# instead of a cryptic error from route.exe.
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Set-VPNRoute must be run from an elevated PowerShell session"
}

# Pull the allocated address out of ipconfig with a regex anchored on the
# prefix rather than a fixed-width substring: taking the last 14 characters
# of the line only works for 13-character addresses (it breaks on e.g.
# 172.100.25.3) and leaves a leading space on the value passed to route.
$pattern = '(?<![\d.])' + [regex]::Escape($VPNNetwork) + '\.\d{1,3}(?![\d.])'
$VPNIP = $null
foreach ($line in @(ipconfig)) {
    if ($line -match $pattern) { $VPNIP = $Matches[0]; break }
}
if (-not $VPNIP) {
    throw "No address starting with $VPNNetwork found in ipconfig output; is the VPN connected?"
}

# route.exe is a native command: a failure does not throw, so check its exit code.
$output = route add $RouteNetwork mask $RouteMask $VPNIP metric 1 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "Unable to set VPN route via ${VPNIP}: $output"
}
Write-Verbose "Added route $RouteNetwork mask $RouteMask via $VPNIP"
}
```
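Once the route is in place it is worth confirming that the customer subnet really leaves via the PPP link rather than the LAN default route, and cleaning the route up when the VPN is dropped. The following is an added example, not code from the original post: it parses the active IPv4 route table printed by route.exe (Destination, Netmask, Gateway, Interface, Metric columns), reports whether the route's interface address sits on the VPN prefix, and deletes the route. The subnet, mask and prefix in the usage lines are placeholders.

```powershell
# Added example (not from the original post). Verifies and removes the static
# route that Set-VPNRoute adds. Assumes the column layout of `route print`
# on Windows 7 and later; all network values below are placeholders.

function Get-VPNRouteEntry {
    [CmdletBinding()]
    Param (
        [parameter(Mandatory=$true)] [String]$RouteNetwork,
        [parameter(Mandatory=$true)] [String]$RouteMask
    )
    # Each active IPv4 route prints as five whitespace-separated columns with a
    # numeric metric last; header, separator, persistent-route and IPv6 lines
    # do not satisfy this pattern and are skipped.
    $rowPattern = '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)\s+(\d+)\s*$'
    foreach ($line in @(route print)) {
        if ($line -match $rowPattern -and $Matches[1] -eq $RouteNetwork -and $Matches[2] -eq $RouteMask) {
            New-Object PSObject -Property @{
                Destination = $Matches[1]
                Netmask     = $Matches[2]
                Gateway     = $Matches[3]
                Interface   = $Matches[4]
                Metric      = [int]$Matches[5]
            }
        }
    }
}

function Test-VPNRoute {
    [CmdletBinding()]
    Param (
        [parameter(Mandatory=$true)] [String]$RouteNetwork,
        [parameter(Mandatory=$true)] [String]$RouteMask,
        [parameter(Mandatory=$true)] [String]$VPNNetwork
    )
    # True only if a matching route exists AND its Interface column is an
    # address on the VPN prefix, i.e. traffic for the subnet is not quietly
    # falling back to the LAN default route because the PPP link went away.
    $entries = @(Get-VPNRouteEntry -RouteNetwork $RouteNetwork -RouteMask $RouteMask)
    foreach ($entry in $entries) {
        if ($entry.Interface -like "${VPNNetwork}.*") { return $true }
    }
    return $false
}

function Remove-VPNRoute {
    [CmdletBinding()]
    Param (
        [parameter(Mandatory=$true)] [String]$RouteNetwork,
        [parameter(Mandatory=$true)] [String]$RouteMask
    )
    # Cleanup for when the VPN session is finished; route.exe is a native
    # command, so its failure is only visible through the exit code.
    $output = route delete $RouteNetwork mask $RouteMask 2>&1
    if ($LASTEXITCODE -ne 0) { throw "route delete failed: $output" }
}

# Usage from an elevated session (placeholder values):
# Test-VPNRoute -RouteNetwork 172.15.36.0 -RouteMask 255.255.255.0 -VPNNetwork 172.100.25
# Remove-VPNRoute -RouteNetwork 172.15.36.0 -RouteMask 255.255.255.0
```

Test-VPNRoute is the check to run after reconnecting: if the PPP adapter has gone and come back with a new address, the old route (if it survived at all) points at an interface address that no longer exists, the function returns $false, and Set-VPNRoute needs to be run again.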