#StackBounty: #vpn #routing #windows-10 Windows 10 won't stop using remote gateway with VPN

Bounty: 50

Hope this is a suitable place to ask. I have a VPN connection set up on my home Windows 10 PC which lets me join the network at my office. At some point I noticed my internet connection seemed very slow and after a little bit of investigation discovered that Windows was routing all non-local traffic through the VPN.

I learned about the ‘Use default gateway on remote network’ checkbox in the IPv4 properties on the VPN connection, and have unchecked it. This solves the problem but only temporarily. After ‘a while’ (don’t know exactly when it happens, I usually notice it within a couple of days) my internet connection feels slow again and sure enough all traffic is being routed through the VPN.

Using route print whilst the traffic is going through the VPN shows:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4556
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4556
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
     192.168.0.10  255.255.255.255         On-link      192.168.0.10   4506
    192.168.0.255  255.255.255.255         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4556
        224.0.0.0        240.0.0.0         On-link      192.168.0.10   4506
        224.0.0.0        240.0.0.0         On-link    192.168.12.200     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
  255.255.255.255  255.255.255.255         On-link      192.168.0.10   4506
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

My home PC is (statically assigned) 192.168.0.10, with 192.168.0.1 being my home router. The network I am joining through the VPN is 192.168.12.0, given an IP address by DHCP.

I can see it’s added a route to use the VPN and given it the lowest metric. I don’t know what ‘On-link’ means in this context.

The checkbox is still unchecked. If I disconnect and then reconnect the VPN connection, everything is fixed:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    281
        224.0.0.0        240.0.0.0         On-link    192.168.12.200    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    281
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

Only traffic for 192.168.12.0 is sent via the VPN, which is what I want.

Does anyone know what could cause Windows to keep suddenly deciding to ignore the ‘Don’t use remote gateway…’ option and adding a route anyway?

Is there some kind of ‘negative route’ I can add permanently which effectively blocks any unwanted traffic going to the VPN?

Edited to add: I also tried manually setting the metric very high in the same page of the VPN IPv4 properties, but this seems to have no effect and is not reflected in the output of route print.

Edit to add: I’ve also noticed another strange behaviour regarding connecting to the VPN. This is all using the built-in Windows 10 client:

If initiating the connection by clicking the network icon in the tray, selecting the VPN and clicking the inline ‘Connect’ button there, it will often get stuck at the ‘Connecting…’ stage for a while then fail.

If I go into the ‘Network & Internet Settings -> VPN’ part of the control panel and initiate the connection from there, it succeeds 100% of the time and very quickly.

I have also been using a third-party utility called AutoVPNConnect, which periodically checks whether the VPN is active and ‘re-dials’ it if not. I couldn’t find any way to get this behaviour reliably within Windows itself. I now suspect that the unwanted route is being added when the utility re-establishes the connection. I don’t believe it’s doing this intentionally.

Possibly there are multiple APIs in Windows for ‘dialling’ a VPN, and they function slightly differently?
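
An added example, not part of the original question: a Python check that parses `route print` rows and applies longest-prefix, lowest-metric selection to tell whether Internet-bound traffic would leave via the VPN interface. The sample rows are a subset of the two tables quoted above; the function names and the probe address 203.0.113.7 (a documentation-range address) are assumptions made for this illustration.

```python
import ipaddress

# Constructed samples: a subset of the two "Active Routes" tables quoted in the question.
ROUTES_BROKEN = """\
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
"""
ROUTES_FIXED = """\
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
"""

def parse_routes(text):
    """Parse 'Active Routes' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skips headers, separators and 'Persistent Routes' rows
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, dest):
    """Pick the route for dest: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)

def default_route_leaks(routes, vpn_iface, probe="203.0.113.7"):
    """True when traffic to an Internet address would leave via the VPN interface."""
    best = lookup(routes, probe)
    return best is not None and best[2] == vpn_iface

if __name__ == "__main__":
    for name, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        leaks = default_route_leaks(parse_routes(table), "192.168.12.200")
        print(f"{name}: Internet traffic via VPN = {leaks}")
```

Run on a schedule against live `route print` output, the same check shows when the second 0.0.0.0 route reappears, which helps correlate it with a reconnect.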

