Microsoft VPN Add routes after bringing connection up

Written by James McDonald

April 3, 2024

I have an old school L2TP VPN which by default becomes the default gateway when I connect.

To stop the VPN Connection being the default gateway on Windows uncheck the "Use default gateway on remote network"

The side effect of this is you gain access to local subnets that aren’t your current one but you lose your access to the remote subnets not published by the VPN Server

To add routes to your VPN Connection

So to fix that use Powershell with an administrative prompt and add the routes with Add-VpnConnectionRoute

Add-VpnConnectionRoute -ConnectionName JMWORKVPN -DestinationPrefix 172.16.2.0/24
Add-VpnConnectionRoute -ConnectionName JMWORKVPN -DestinationPrefix 192.168.45.0/24
Add-VpnConnectionRoute -ConnectionName JMWORKVPN -DestinationPrefix 192.168.44.0/28
Add-VpnConnectionRoute -ConnectionName JMWORKVPN -DestinationPrefix 10.19.18.0/24

Check that the routes are added using

route print | more

Once you run the above powershell each time your start the VPN it will add those routes again and remove them when the VPN is shut down.

To remove the VPN from being the default route

Go into Control Panel => Network and Internet => Network Sharing Center => Change adapter settings

Right mouse button the connection and choose properties and then open the Networking tab

Important make sure you uncheck “Use default gateway on remote network” and check the “Disable class based route addition”.

Disable class based route addition because if you are given 10.10.220.5/24 as an VPN address the VPN client will add a 10.0.0.0/8 route to the VPN and will route the traffic destined for your local RFC 1918 10/8 subnets subnets over the VPN

It is the same if you receive a VPN IP address for another of RFC1918 subnets.

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Network speed test host to host

On Ubuntu / Debian apt-get install iperf3 On Windows download it from https://iperf.fr/iperf-download.php#windows Make...

Clear HSTS Settings in CHrome

Open chrome://net-internals/#hsts enter the domain in the query field and click Query to confirm it has HSTS settings...