#StackBounty: #virtualbox #virtual-machine #routing #vpn How to route traffic through VPN only accessible within VM (without a bridged …

Bounty: 50

I have an interesting situation where I have a corporate VPN that can only connect through a specific (outdated) version of Ubuntu (and/or Windows) using a vendor-supplied client that creates a VPN interface on tun0 upon successful authentication. I use a different distribution on my personal Linux machine, on which the VPN client will not run because of library issues.

As a workaround, I have more-or-less figured out how to configure the Ubuntu VM (on VirtualBox) to work as a router when the VM is configured in bridge mode. Unfortunately, this works on some networks (like my home one) because I can get another IP no problem for my bridged VM, but on many public networks, this does not work.

I believe I should be able to do this with two network adapters on the VM, one with NAT, and one as a Host-Only connection, but I’m not sure how to set up the routing so that I can send traffic on my host through the VPN tunnel.

Here’s the setup so far:

[host]$ VBoxManage list hostonlyifs 

Name:            vboxnet0
GUID:            786f6276-656e-4074-8000-0a0027000000
DHCP:            Disabled
IPAddress:       192.168.56.1
NetworkMask:     255.255.255.0
IPV6Address:     fe80::800:27ff:fe00:0
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType:      Ethernet
Wireless:        No
Status:          Up
VBoxNetworkName: HostInterfaceNetworking-vboxnet0

The guest interfaces (after connecting to the vpn – enp0s3 is the NAT adapter, enp0s8 is the host-only adapter):

[guest]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:b2:d9:c2 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
       valid_lft 83176sec preferred_lft 83176sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:81:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
4: tun0: <POINTOPOINT,UP,LOWER_UP> mtu 1384 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet XXX.XXX.XXX.XXX peer 1.1.1.1/32 scope global tun0

On the guest, I enable translation between the host-only adapter and the VPN tunnel with the following commands:

sudo sysctl net.ipv4.conf.all.forwarding=1
sudo sysctl net.ipv6.conf.all.forwarding=1
sudo iptables -A FORWARD -i enp0s8 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o enp0s8 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

On the host, I can replace the default route with 192.168.56.1 (the host-only VM adapter), but then obviously no data can get out at all. Since the VM is not getting its own access to the internet, I need to have some traffic coming in/out to the internet through the host, but then I would like to force as much as possible of that to go through the VM’s VPN connection. It feels like I’m close, and this should be possible, but I’m not sure what the missing piece is.

On a side note, I think I could get this to work for certain applications by perhaps doing an SSH SOCKS proxy to the VM, perhaps? I’d like to route all traffic through the VPN, if possible.



#StackBounty: #vpn #routing #windows-10 Windows 10 won't stop using remote gateway with VPN

Bounty: 50

Hope this is a suitable place to ask. I have a VPN connection set up on my home Windows 10 PC which lets me join the network at my office. At some point I noticed my internet connection seemed very slow and after a little bit of investigation discovered that Windows was routing all non-local traffic through the VPN.

I learned about the ‘Use default gateway on remote network’ checkbox in the IPv4 properties on the VPN connection, and have unchecked it. This solves the problem but only temporarily. After ‘a while’ (don’t know exactly when it happens, I usually notice it within a couple of days) my internet connection feels slow again and sure enough all traffic is being routed through the VPN.

Using route print whilst the traffic is going through the VPN shows:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4556
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4556
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
     192.168.0.10  255.255.255.255         On-link      192.168.0.10   4506
    192.168.0.255  255.255.255.255         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4556
        224.0.0.0        240.0.0.0         On-link      192.168.0.10   4506
        224.0.0.0        240.0.0.0         On-link    192.168.12.200     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
  255.255.255.255  255.255.255.255         On-link      192.168.0.10   4506
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

My home PC is (statically assigned) 192.168.0.10, with 192.168.0.1 being my home router. The network I am joining through the VPN is 192.168.12.0, given an IP address by DHCP.

I can see it’s added a route to use the VPN and given it the lowest metric. I don’t know what ‘On-link’ means in this context.

The checkbox is still unchecked. If I disconnect and then reconnect the VPN connection, everything is fixed:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    281
        224.0.0.0        240.0.0.0         On-link    192.168.12.200    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    281
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

Only traffic for 192.168.12.0 is sent via the VPN, which is what I want.

Does anyone know what could cause Windows to keep suddenly deciding to ignore the ‘Don’t use remote gateway…’ option and adding a route anyway?

Is there some kind of ‘negative route’ I can add permanently which effectively blocks any unwanted traffic going to the VPN?

Edited to add: I also tried manually setting the metric very high in the same page of the VPN IPv4 properties, but this seems to have no effect and is not reflected in the output of route print.

Edit to add: I’ve also noticed another strange behaviour regarding connecting to the VPN. This is all using the built-in Windows 10 client:

If initiating the connection by clicking the network icon in the tray, selecting the VPN and clicking the inline ‘Connect’ button there, it will often get stuck at the ‘Connecting…’ stage for a while then fail.

If I go into the ‘Network & Internet Settings -> VPN’ part of the control panel and initiate the connection from there, it succeeds 100% of the time and very quickly.

I have also been using a third-party utility called AutoVPNConnect, which periodically checks whether the VPN is active and ‘re-dials’ it if not. I couldn’t find any way to get this behaviour reliably within Windows itself. I now suspect that the unwanted route is being added when the utility re-establishes the connection. I don’t believe it’s doing this intentionally.

Possibly there are multiple APIs in Windows for ‘dialling’ a VPN, and they function slightly differently?
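
The route selection behind the two route print outputs above, as an added example that is not part of the original question: it parses excerpts of those tables, picks the winning route by longest prefix and then lowest metric, and flags any route bound to the VPN interface that falls outside the intended 192.168.12.0/24. The function names and the test destination 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# Excerpt of the page's first table (all traffic going through the VPN).
BAD_TABLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link    192.168.12.200     26
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
"""

# Excerpt of the page's second table (after reconnecting the VPN).
GOOD_TABLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
"""


def parse_routes(text):
    """Parse the five-column 'Active Routes' rows of `route print` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Active rows have exactly five columns ending in a numeric metric;
        # headers, separators and 'Persistent Routes' rows do not.
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, interface, metric = fields
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes


def best_route(routes, destination):
    """Return the route used for destination: longest prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def split_tunnel_violations(routes, vpn_interface, allowed):
    """List routes on the VPN interface that reach beyond the allowed network."""
    allowed_net = ipaddress.IPv4Network(allowed)
    flagged = []
    for r in routes:
        if r.interface != vpn_interface:
            continue
        # Multicast and limited-broadcast rows exist on every interface.
        if r.network.is_multicast or str(r.network) == "255.255.255.255/32":
            continue
        if not r.network.subnet_of(allowed_net):
            flagged.append(r)
    return flagged


if __name__ == "__main__":
    for name, table in (("first table", BAD_TABLE), ("second table", GOOD_TABLE)):
        routes = parse_routes(table)
        chosen = best_route(routes, "203.0.113.10")  # constructed Internet address
        bad = split_tunnel_violations(routes, "192.168.12.200", "192.168.12.0/24")
        print(name, "-> Internet traffic leaves via", chosen.interface,
              "| unexpected VPN routes:", [str(r.network) for r in bad])
```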



If I go into the ‘Network & Internet Settings -> VPN’ part of the control panel and initiate the connection from there, it succeeds 100% of the time and very quickly.

I have also been using a third-party utility called AutoVPNConnect, which periodically checks whether the VPN is active and ‘re-dials’ it if not. I couldn’t find any way to get this behaviour reliably within Windows itself. I now suspect that the unwanted route is being added when the utility re-establishes the connection. I don’t believe it’s doing this intentionally.

Possibly there are multiple APIs in Windows for ‘dialling’ a VPN, and they function slightly differently?


Get this bounty!!!
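The two `route print` tables in the question above can be compared mechanically. This is an added example, not part of the original post: it parses abridged copies of both tables and applies longest-prefix-then-lowest-metric route selection to show which interface each destination leaves by. The function names and the test destination 203.0.113.7 (a documentation address standing in for any internet host) are assumptions made for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str    # next-hop address, or "On-link" (delivered directly, no next hop)
    interface: str  # local address of the egress interface
    metric: int


def parse_route_print(text: str) -> List[Route]:
    """Parse the 'Active Routes' rows of Windows `route print` IPv4 output."""
    routes, in_active = [], False
    for line in text.splitlines():
        stripped, fields = line.strip(), line.split()
        if stripped.startswith("Active Routes"):
            in_active = True
        elif stripped.startswith(("=", "Persistent Routes")):
            in_active = False
        elif in_active and len(fields) == 5:
            dest, mask, gateway, interface, metric = fields
            try:
                net = ipaddress.IPv4Network(f"{dest}/{mask}")
                routes.append(Route(net, gateway, interface, int(metric)))
            except ValueError:
                continue  # malformed row; the 6-token column header never gets here
    return routes


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Pick the route for a destination: longest prefix first, then lowest metric."""
    dst = ipaddress.IPv4Address(destination)
    matching = [r for r in routes if dst in r.network]
    if not matching:
        return None
    return min(matching, key=lambda r: (-r.network.prefixlen, r.metric))


def full_tunnel_routes(routes: List[Route], vpn_interface: str) -> List[Route]:
    """Default routes (0.0.0.0/0) bound to the VPN interface: split tunnelling is off."""
    return [r for r in routes
            if r.network.prefixlen == 0 and r.interface == vpn_interface]


# Abridged from the post's first table (all traffic going through the VPN).
TABLE_ALL_VIA_VPN = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
"""

# Abridged from the post's second table (after disconnecting and reconnecting).
TABLE_AFTER_RECONNECT = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
"""

VPN_INTERFACE = "192.168.12.200"  # VPN adapter address in both tables

if __name__ == "__main__":
    for label, table in (("all via VPN", TABLE_ALL_VIA_VPN),
                         ("after reconnect", TABLE_AFTER_RECONNECT)):
        routes = parse_route_print(table)
        print(f"[{label}] default routes on VPN interface: "
              f"{len(full_tunnel_routes(routes, VPN_INTERFACE))}")
        for dst in ("203.0.113.7", "82.4.223.31", "192.168.12.5"):
            r = select_route(routes, dst)
            print(f"  {dst:>14} -> via {r.gateway} on {r.interface} "
                  f"(/{r.network.prefixlen}, metric {r.metric})")
```

In the first table the /32 host route to 82.4.223.31 still leaves by 192.168.0.10 despite its higher metric, because prefix length is compared before metric; only destinations with no more specific route fall through to the metric-26 default on the VPN interface.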
