Microsoft Windows Vista Community Forums - Vistaheads

Split tunneling with cmak

microsoft.public.windows.vista.security






  #1 (permalink)  
Old 11-15-2007
Martin Rhodin
 

Posts: n/a
Split tunneling with cmak
Hi

I have made a CMAK VPN connection, which has added some routes and removed
the default gateway so both the intranet and the user's own internet gateway are
available. Now this works on Windows XP but it doesn't in Vista, and I think
it's some security issue. I have turned off UAC and have no third-party
firewall. The intranet is available but the internet is not. Googled for a
solution but it doesn't seem like there is one and it's a known issue for many
people. Please advise if you have any thoughts on this.

Thank you.

Martin Rhodin


  #2 (permalink)  
Old 11-25-2007
Ashish Pingle
 

Posts: n/a
RE: Split tunneling with cmak
Hi,

I have got a workaround for this issue. While installing the dialer, make
sure that it is installed using the "My use only" option, which is the default. Next,
I haven't tried this with UAC disabled; it works for sure when UAC is
enabled. Try it and let me know the status.

Thanks

Ashish Pingle

"Martin Rhodin" wrote:

> Hi
>
> I have made a CMAK VPN connection, which has added some routes and removed
> the default gateway so both the intranet and the user's own internet gateway are
> available. Now this works on Windows XP but it doesn't in Vista, and I think
> it's some security issue. I have turned off UAC and have no third-party
> firewall. The intranet is available but the internet is not. Googled for a
> solution but it doesn't seem like there is one and it's a known issue for many
> people. Please advise if you have any thoughts on this.
>
> Thank you.
>
> Martin Rhodin
>
>
>

  #3 (permalink)  
Old 04-03-2008
jasonpgreen
 

Posts: n/a
Re: Split tunneling with cmak

I've found a workaround for this. Instead of using the CMAK Routing
Table update, use the Classless Static Routes DHCP Option.

USING THE CLASSLESS STATIC ROUTES DHCP OPTION

Windows 2000, Windows XP, and Windows Server 2003-based VPN clients
send a DHCPInform message to the VPN server, requesting a set of DHCP
options. This is done so that the VPN client can obtain an updated list
of DNS and WINS servers and a DNS domain name that is assigned to the
VPN connection. The DHCPInform message is forwarded to a DHCP server on
the organization intranet by the VPN server and the response is sent
back to the VPN client.
Windows XP and Windows Server 2003-based VPN clients include the
Classless Static Routes DHCP option in their list of requested DHCP
options. If configured on the DHCP server, the Classless Static Routes
DHCP option contains a set of routes representing the address space of
your intranet. These routes are automatically added to the routing table
of the requesting client when it receives the response to the DHCPInform
message and automatically removed when the VPN connection is
terminated.
The Windows Server 2003 DHCP Server service supports the configuration
of the Classless Static Routes option (option number 249).

To use the Classless Static Routes option for split tunneling,
configure this option for the scope that corresponds to the intranet
subnet to which the VPN server is connected. Next, add the set of routes
that correspond to the summarized address space of your organization
intranet. For example, if you use the private IP address space for your
organization intranet, the Classless Static Routes option would have the
following three routes:

- 10.0.0.0 with the subnet mask of 255.0.0.0
- 172.16.0.0 with the subnet mask of 255.240.0.0
- 192.168.0.0 with the subnet mask of 255.255.0.0

The Router IP address for each route added to the Classless Static
Routes option should be set to the IP address of a router interface on
the intranet subnet to which the VPN server is connected. For example,
if the VPN server is connected to the intranet subnet 10.89.211.0/24 and
the IP address of the intranet router on this subnet is 10.89.21.1, then
set the Router IP address for each route to 10.89.21.1.

NOTE:

Do _not_ set the VPN connection to be the default gateway.

You will also need Vista SP1 or this 'You cannot use a remote access
server to apply DHCP options to a Windows Vista-based computer'
(http://support.microsoft.com/kb/933340/) hotfix.

hope this helps


--
jasonpgreen
  #4 (permalink)  
Old 05-16-2008
timinator
 

Posts: n/a
Re: Split tunneling with cmak

Hi, I'm having this problem also and would love to get it solved as more
people are trying to connect to our VPN using Vista. I'm a bit confused
by the above explanation. My VPN server is a Windows 2003 appliance
with a custom front end. I'm not sure how to modify the DHCP scope in
the way described. Any help would be appreciated.

Thanks
Tim


--
timinator
  #5 (permalink)  
Old 05-19-2008
jasonpgreen
 

Posts: n/a
Re: Split tunneling with cmak

Hi Tim,

If you are using Windows 2003 standard Routing and Remote Access, then
you just need to set it, in properties, to assign IP addresses via DHCP.
Then add the Classless Static routes in the Windows 2003 DHCP server.

Cheers

Jason


--
jasonpgreen
  #6 (permalink)  
Old 05-19-2008
timinator
 

Posts: n/a
Re: Split tunneling with cmak

Jason, the server does supply addresses via DHCP. And also static
routes. The front creates the connectoid using CMAK. Here is a look at
the routes added by CMAK during the wizard.

REMOVE_GATEWAY
ADD 172.17.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.18.1.10 MASK 255.255.255.255 default METRIC default IF default
ADD 192.99.99.163 MASK 255.255.255.255 default METRIC default IF default

but on connection from the client, Vista will not allow these commands
to run.

Thanks
Tim


--
timinator
  #7 (permalink)  
Old 05-22-2008
jasonpgreen
 

Posts: n/a
Re: Split tunneling with cmak

Hi Tim,

You need to recreate the CMAK.

1. Remove the part that adds the routes:
REMOVE_GATEWAY
ADD 172.17.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.18.1.10 MASK 255.255.255.255 default METRIC default IF default
ADD 192.99.99.163 MASK 255.255.255.255 default METRIC default IF default

2. Make sure you do _not_ select the CMAK VPN as the default route.

Then add the Classless Static Routes to your DHCP server as I described
previously. Then the DHCP server will provide the required static
routes.

Cheers

Jason


--
jasonpgreen
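
Added example (not part of any post in this thread, and not Microsoft's or the posters' code): the migration described in posts #3 and #7, taking the ADD lines from the CMAK route file and encoding them as the byte payload of the Classless Static Routes option. Option 249 uses the same descriptor layout as option 121 in RFC 3442. The router address 10.89.21.1 is an assumption borrowed from the example in post #3, and the function names are hypothetical.

```python
import ipaddress

# Route lines as posted in the thread (CMAK route-file syntax).
CMAK_ROUTES = """\
REMOVE_GATEWAY
ADD 172.17.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.18.1.10 MASK 255.255.255.255 default METRIC default IF default
ADD 192.99.99.163 MASK 255.255.255.255 default METRIC default IF default
"""
# Assumption: intranet router on the VPN server's subnet; substitute your own.
ROUTER = "10.89.21.1"

def parse_cmak_routes(text):
    """Return the destination networks named on the ADD lines."""
    nets = []
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 4 and p[0].upper() == "ADD" and p[2].upper() == "MASK":
            nets.append(ipaddress.ip_network(f"{p[1]}/{p[3]}"))
    return nets

def encode_option_249(nets, router):
    """Per route: prefix length, significant destination octets, router."""
    gw = ipaddress.ip_address(router).packed
    out = bytearray()
    for net in nets:
        out.append(net.prefixlen)
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += gw
    return bytes(out)

def decode_option_249(data):
    """Decode a payload into (network, router) pairs; reject truncation."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8
        if plen > 32 or i + 5 + n > len(data):
            raise ValueError("malformed classless static route option")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + n] + bytes(4 - n))
        net = ipaddress.ip_network(f"{dest}/{plen}")
        gw = ipaddress.ip_address(data[i + 1 + n:i + 5 + n])
        routes.append((net, gw))
        i += 5 + n
    return routes

def default_routes(routes):
    """A 0.0.0.0/0 entry would send all traffic into the tunnel."""
    return [r for r in routes if r[0].prefixlen == 0]
```

Running decode_option_249 and default_routes over the value actually configured on the DHCP scope is a quick check that the server hands out only intranet prefixes and no default route.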
  #8 (permalink)  
Old 05-22-2008
timinator
 

Posts: n/a
Re: Split tunneling with cmak

Thanks for that info. I'm still not sure where to add the classless
routes? Is it the server's static routes?


Thanks


--
timinator
  #9 (permalink)  
Old 05-22-2008
jasonpgreen
 

Posts: n/a
Re: Split tunneling with cmak

Take a look at the attached screen shot.

Jason


+-------------------------------------------------------------------+
|Filename: dhcp.JPG |
|Download: http://vista64.net/forums/attachment.php?attachmentid=4024|
+-------------------------------------------------------------------+

--
jasonpgreen
  #10 (permalink)  
Old 05-22-2008
timinator
 

Posts: n/a
Re: Split tunneling with cmak

I'm not able to get to that module. The "Manage your Server" or
"Configure your Server wizard" are not available in "Administrative
Tools". Is there a run command to get there?

Thanks


--
timinator