Windows PPTP VPN – How to Avoid Using Default Gateway on Remote Network

pptp vpn windows-server-2008

By default the Windows VPN client has this checked in the advanced TCP/IP settings: Use default gateway on remote network…

I do not want to use the default remote gateway… (the client's internet access uses the company network when it is like this). How can I set up the Win 2008 RRAS server to not give out this gateway, or disable this? Can I make a special DHCP scope (with no gateway defined) and tie incoming PPTP connections to it? Are there any other methods? Without doing anything to the client… I want to be able to just leave it checked.

Thanks!

Best Answer

The settings you're looking to change are client-side only, unfortunately. Unlike, say, OpenVPN, where you "push" configuration information from the VPN server to the client, in the Microsoft VPN client the "Use default gateway on remote network" option is set client-side only.

The Connection Manager Administration Kit (CMAK) will let you build an EXE that can be run on clients to set up the VPN connection with all the parameters you want.

Some frustration may come from the unfortunate method by which the client receives a route to the remote network. When the "Use default gateway on remote network" option is disabled, the client receives a route to the remote network based on the "classful" IP address of the VPN server (this changes in Windows 7, but I don't have details of the change handy). If you're just doing a VPN into a little "/24" network numbered "192.168.x.x", then this will work out fine.

If you have a more complex topology, though, this will give you fits. The CMAK is supposed to give you a way to run a script on the client after the VPN comes up, and to modify the client's routing table, but I've never actually gotten that functionality to work on Windows XP SP2-based client computers. I'd love to hear from somebody who has.
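The classful-route behaviour described in the answer above can be modelled to see which remote subnets a split-tunnel client would miss and whether the route is wider than the networks it is meant for. This is an added example, not part of the original answer: the function names are hypothetical, the addresses are constructed samples, and it models only the classful derivation (not the Windows 7 change the answer mentions).

```python
import ipaddress

def classful_network(addr):
    """Classful (A/B/C) network containing addr, as the answer describes."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E: no classful unicast network")
    return ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)

def analyse(vpn_addr, remote_subnets):
    """Compare the single classful route with the real remote subnets."""
    route = classful_network(vpn_addr)
    remote = [ipaddress.IPv4Network(s) for s in remote_subnets]
    covered = list(ipaddress.collapse_addresses(
        n for n in remote if n.subnet_of(route)))
    return {
        "classful_route": route,
        # Remote subnets the client gets no route to through the tunnel.
        "unreachable": [n for n in remote if not n.subnet_of(route)],
        # True when the route pulls more address space into the tunnel
        # than the remote subnets actually occupy.
        "over_broad": covered != [route],
    }

def extra_routes(unreachable, gateway):
    """Windows 'route add' lines a post-connect script would need.
    gateway is supplied by the caller (assumption, constructed value)."""
    return [f"route add {n.network_address} mask {n.netmask} {gateway}"
            for n in unreachable]

if __name__ == "__main__":
    # Constructed sample: address in 10.8.0.0/24, second site in 172.16.5.0/24.
    result = analyse("10.8.0.5", ["10.8.0.0/24", "172.16.5.0/24"])
    print(result)
    print("\n".join(extra_routes(result["unreachable"], "10.8.0.5")))
```

With the constructed sample, the single route is `10.0.0.0/8`: all of 10.x goes into the tunnel while `172.16.5.0/24` gets no route at all, which is the "more complex topology" case.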