Routing to Multiple Networks behind VPN Server

Approach 1:

From a security standpoint, use the default gateway on the remote network; otherwise, create a batch file to add the routes on each client. The batch file can be created using the Connection Manager Administration Kit (CMAK). CMAK can also be used to save or export the VPN client for other computers.

First, to install CMAK:

1. Click on Start > Control Panel > Add or Remove Programs.

2. Click on the Add/Remove Windows Components option in the Add or Remove Programs dialog box.

3. Select the Management and Monitoring Tools component in the Windows Component wizard without selecting the check box against it, and click on the Details button.

4. This launches the Accessories and Utilities dialog box. Select the check box against Connection Manager Administration Kit and click OK.

5. Click Next in the Windows Component wizard dialog box and, on completion of the installation, click on the Finish button in the Windows Component wizard.

Second, to create the profile using CMAK:

1. Click on Start > All Programs > Administrative Tools > Connection Manager Administration Kit

2. Click Next and then select New profile option in the Service Profile Selection page of the Connection Manager Administration Kit Wizard. Click Next.

3. Provide the Service name and File name (executable file for the profile) in the Service File Names page of the Connection Manager Administration Kit Wizard. Click Next.

4. By default, the Do not add realm name to the user name option is selected in the Realm Name page of the Connection Manager Administration Kit wizard. Click Next.

5. If you wish to merge any old profile information, you can do so in the Merging Profile Information page of the Connection Manager Administration Kit wizard. If this is the first time a profile is being created, there will not be any profile available for merging. Click Next.

6. In the VPN Support page of the Connection Manager Administration Kit wizard, you can make this profile support VPN connections for remote access to private networks over the Internet. To associate a phone book with the profile, so that the user can dial a phone number from that phone book, select the Phone book from this profile option. To always connect to one VPN server, select the Always use the same VPN Server option and provide the VPN server name or IP address; to provide a list of VPN servers as a (.txt) file, select the Allow the user to choose a VPN server before connecting option. To use the same user name and password for the dial-up and VPN connections, select the check box for Use the same user name and password for VPN and dial-up connections. Click Next.

6. A phone book file can be associated with the profile in the Phone Book page of the Connection Manager Administration Kit wizard. Click Next. If you want the phone book updates to be downloaded automatically, select the check box Automatically download the phone book updates. Click Next.

7. The Phone Book Updates page of the Connection Manager Administration Kit wizard appears because the check box Automatically download the phone book updates was selected in the previous page (Phone Book) of the wizard. For the automatic download to happen, provide the phone book name and, in the Connection Point Services Server field, the server from which the phone book updates will be downloaded. Click Next.

8. In the Dial-up Networking Entries page of the wizard one can edit the profile for the following:

            a. DNS and WINS addresses can be either obtained from the server or can be provided manually for all the clients.

            b. Security settings can be configured. Basic settings: select the authentication method (allow any method; require a secured password; require a Microsoft secured password). Advanced settings: select Data encryption (No encryption; Require encryption; Optional encryption) and, under Logon security, select EAP (MD5-Challenge; Smart Card or other certificate) and select Authentication methods (PAP; SPAP; CHAP; MS-CHAP; MS-CHAPv2). Click Next.

9. The Routing Table Update page of the wizard is where a routing table file (.txt) can be associated with the profile by selecting the Define a routing table update option; the URL to the route file can be provided in the URL to a route file field. If the routing table should not be changed, select the Do not change the routing tables option. Click Next.

10. The Automatic Proxy Configuration page of the wizard can be used to have the profile automatically configure proxy settings for the clients that use this profile for connections. Select the Automatically configure proxy settings option and associate the txt file that has the information on the proxy settings. The profile can also revert to the old proxy settings after disconnection if you select the check box against Restore the users previous proxy settings after disconnecting. Click Next.

11. Custom Actions page of the wizard can be used to configure certain actions under the following action type (Pre-init; Pre-connect; Pre-dial; Post-connect; monitored; disconnect; on cancel; on error or all). Click Next.

12. Logon Bitmap page of the wizard enables the user to select the display graphic in the Connection Manager logon dialog box. Click Next.

13. Phone Book Bitmap page of the wizard enables the user to select the display graphic in the phone book dialog box. Click Next.

14. Icons page of the wizard enables the user to select the custom icons or default icons to display in the Connection manager user interface. Click Next.

15. The Notification Area Shortcut Menu page of the wizard is used to create a shortcut menu for Status and Disconnect, which will be displayed from the icon in the notification area of the taskbar. Click Next.

16. Help File page of the wizard enables the user to select Default Help file or Custom Help file. Click Next.

17. The Support Information page of the wizard enables the user to be directed to the support of the service provider. This is handled by providing the telephone contact number in the Support Information field. Click Next.

18. The Connection Manager Software page of the wizard enables the user to install Connection Manager with the service profile; all previous versions of Connection Manager will be upgraded to the current/newer version. This is achieved by selecting the check box against Install Connection Manager 1.3 with this service profile. Click Next.

19. The License Agreement page of the Connection Manager Administration Kit wizard can be used to add a license agreement to this profile. The client will not be able to continue with the installation until the agreement is accepted. This is achieved by selecting the license agreement (.txt) file in the File Name field. Click Next.

20. Additional File page in the wizard is to include additional files in the profile. Click Next.

21. The Ready to Build the Service Profile page in the wizard is the last but one stage of building the service profile. After you click Next, it will not be possible to change any of the previous settings. However, by selecting the Advanced Customization check box in this page, the user can modify the files that are included in this profile, by their version or value, in the Advanced Customization page in the wizard. Click Next.

22. The build of the service profile is now complete, and the wizard's last page, Completing the Connection Manager Administration Kit wizard, displays the executable file and its path. Click Finish.
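
The route file referenced on the Routing Table Update page (step 9) is a plain-text list of route commands. The following is an added example, not part of the original post: it builds such a file for the networks behind the VPN server using the `ADD <destination> MASK <netmask> default METRIC default IF default` line syntax of Connection Manager route files, refuses a default route or a host address, and parses a file back so the routes a profile adds can be reviewed. The function names are hypothetical and the subnets are constructed sample values.

```python
import ipaddress

# One route-file line per network; "default" lets the client fill in the
# VPN gateway, metric and interface when the connection comes up.
LINE = "ADD {dest} MASK {mask} default METRIC default IF default"


def build_route_file(networks):
    """Return route-file text for the given CIDR networks (hypothetical helper)."""
    nets = []
    for text in networks:
        # strict=True raises ValueError for host addresses such as 10.10.5.1/24
        net = ipaddress.ip_network(text, strict=True)
        if net.version != 4:
            raise ValueError(f"{text}: this example handles IPv4 routes only")
        if net.prefixlen == 0:
            # Sending all traffic through the VPN is the default-gateway
            # setting described in Approach 1, not a route-file entry.
            raise ValueError(f"{text}: default route is not allowed in the route file")
        nets.append(net)
    # Drop duplicates and subnets already covered by a wider entry.
    merged = ipaddress.collapse_addresses(nets)
    return "".join(
        LINE.format(dest=n.network_address, mask=n.netmask) + "\r\n" for n in merged
    )


def audit_route_file(text):
    """Return the networks a route file adds, for comparison with the approved list."""
    found = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) >= 4 and parts[0].upper() == "ADD" and parts[2].upper() == "MASK":
            found.append(ipaddress.ip_network(f"{parts[1]}/{parts[3]}"))
    return found


if __name__ == "__main__":
    # Constructed sample: two internal networks plus a redundant subnet.
    sample = ["10.10.0.0/16", "10.10.5.0/24", "192.168.20.0/24"]
    print(build_route_file(sample), end="")
```
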

Third, to install and run the created Connection Manager Service Profile:

1. Go to the path where the profile has been created; typically this will be under Program Files\Cmak\Profiles\<name of the profile> on the local host.

2. Double click on the file <name of the profile>.exe and Click Yes.

3. It prompts for whether the connection should be available for All users or My use only; select the appropriate option. If a shortcut is required on the desktop, select the check box against Add a shortcut on the desktop. Click OK. This installs the service profile.

4. Go to Network Connections and, under Connection Manager, double click on the connection object named <name of the profile>, provide the user name and password, and click Connect.

Approach 2:

The route list can also be set on the DHCP server, with the VPN server set up to send the routes from the DHCP server to your VPN clients upon connection. With this last approach, we do not have to set the default gateway on the remote network.

Mahesh Narayanan
Program Manager
RRAS, Windows Enterprise Networking
[This posting is provided "AS IS" with no warranties, and confers no rights.]