VPN client creates default route - any way to disable it?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
boban
Posts: 2
Joined: Sun Jan 26, 2014 10:00 pm

VPN client creates default route - any way to disable it?

Post by boban » Sun Jan 26, 2014 10:19 pm

First of all, thanks for the great piece of software. Works really well for me.

I have one question though. When I connect to my VPN server at work, the default route is created at my client PC and all traffic goes throuh the work PC (where the VPN server is). I would like only the server's virtual NAT's subnet added to the routing table.

I've attached screenshot of how my routing table looks like before connecting to the server (before.png) and after connecting (after.png).

I tried checking the "No Adjustments of Routing Table" checkbox in the Client's advanced settings, but without success.

In order to use the VPN I have to manually alter the routing table every time the connection is established. That kind of ruins the experience. Is there any way to disable creation of the default route? Thanks a lot in advance!

Btw. I am using VPN server with virtual NAT and virtual DHCP. Windows 8.1 on the client side.
You do not have the required permissions to view the files attached to this post.

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: VPN client creates default route - any way to disable it

Post by terryfied » Tue Jan 28, 2014 1:02 am

I am somewhat new to VPN in general and so excuse my ignorance if I ask any stupid questions, but I think this may be the same question I have about SoftEther. I'm going to post my version of the question in a new thread so that more see it and it increases my chances of getting an answer.

I need to connect to my home network from work so that I can remote desktop into my LAN PCs at home so I am using SoftEther in a "Remote Access to LAN" capacity. I'm assuming that's the configuration I need to use.

The issue I'm having is that as soon as I connect to VPN from work, my work PC uses the remote home network for all Internet and network access. A friend at work indicated there is such a thing called "split tunneling" which would allow my work PC to continue to use the work LAN network resources as it usually does and only use the VPN connection for the remote desktop activities. However, I'm unable to find that option anywhere in the client or server. Can someone tell me how I would do this?

parkycai
Posts: 17
Joined: Sun Jul 07, 2013 7:58 am

Re: VPN client creates default route - any way to disable it

Post by parkycai » Wed Jan 29, 2014 1:37 am

check the option "do not modify default route" somewhere in connection advanced properties.

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: VPN client creates default route - any way to disable it

Post by mesa57 » Wed Jan 29, 2014 8:27 am

Setting metric to automatic or a high value on the vpn client adapter should solve the problem.

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: VPN client creates default route - any way to disable it

Post by terryfied » Fri Jan 31, 2014 6:05 am

Thank you for the responses. Setting the VPN virtual adapter on the client to a higher value (I set mine to 100) did the trick. Having another issue though, going to start a thread on the main forum. Thanks again.

boban
Posts: 2
Joined: Sun Jan 26, 2014 10:00 pm

Re: VPN client creates default route - any way to disable it

Post by boban » Sat Feb 01, 2014 6:02 pm

parkycai wrote:
> check the option "do not modify default route" somewhere in
> connection advanced properties.

Cannot find this setting.. can you please tell me where exactly is it located?

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: VPN client creates default route - any way to disable it

Post by terryfied » Sat Feb 01, 2014 9:12 pm

I could not find the option either. I don't think it exists. Use the metric process, worked like a charm for me.

inten
Posts: 375
Joined: Fri Oct 18, 2013 8:15 am
Location: All around the world
Contact:

Re: VPN client creates default route - any way to disable it

Post by inten » Sun Feb 02, 2014 11:05 am

[attachment=0]Untitled.png[/attachment]
You do not have the required permissions to view the files attached to this post.
When you don't like the answer, change the question.
Cheers,
Team.

VPNHPanel.com
This account is not associated to SoftEther project.

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: VPN client creates default route - any way to disable it

Post by terryfied » Sun Feb 02, 2014 8:39 pm

I stand corrected. So to make sure I understand, checking this option does the following:

1. Normal Internet communication on the VPN client side continues to flow through the connection used prior to the VPN connection.
2. When connecting to a resource on the VPN server side of things, such as using Remote Desktop to connect to one of the server's network machines or using Windows Explorer to access a drive on one of the server's network machines, it will automagically use the VPN connection. (If this is true, how does this work? What are the limitations? Does the IP range need to be different?)
3. Enabling this option removes the need to modify the metrics on any of the client side network adapters.

As an aside, which would be better, using metrics or this option? Wouldn't using metrics give more control?

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: VPN client creates default route - any way to disable it

Post by mesa57 » Sun Feb 02, 2014 9:19 pm

At least 1) and therefore 3) did not work for me.

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: VPN client creates default route - any way to disable it

Post by terryfied » Sun Feb 02, 2014 11:39 pm

Same here. I just tested it by setting all of my adapters back to automatic metrics, enabling the option, rebooting and testing it, and had the same experience. It seems manually changing the metrics is the only way it really works.

I notice that in the VPN adapter for Windows (7 and others?), there is an option to "Use default gateway on remote network" that can be disabled, and I've seen talk on the Internet of how people are using this option to do what we're wanting to do. Is this option anywhere in SoftEther, can it be implemented in SoftEther, and can you even connect to a SoftEther VPN server using Windows VPN connections?

---edit---
Forget I asked anything above. I've checked out Windows native VPN support and it's a joke, so nevermind.

Flayer
Posts: 2
Joined: Fri Jan 31, 2014 4:05 pm
Location: Ukraine

Re: VPN client creates default route - any way to disable it

Post by Flayer » Wed Feb 05, 2014 12:23 pm

If you use Virtual DHCP server, you should delete the gateway and dns configuration in Virtual DHCP server in HUB, then need to change the subnet, because sometimes the gateway configuration and dns persist even after removal. I hope you understand what I wrote:)

antald
Posts: 3
Joined: Thu Dec 04, 2014 1:52 pm

Re: VPN client creates default route - any way to disable it

Post by antald » Thu Dec 04, 2014 2:05 pm

The Virtual DHCP server actually can solve the problem but could conflict with the internal DHCP server if there is already one on the network, if I understand the warning in SoftEther VPN server correctly.

So when we don't use the Virtual DHCP Server SoftEther VPN Client lacks the ability to disable the default route created.

0.0.0.0 0.0.0.0 192.168.110.254 192.168.110.140 200

I could remove the route manually but that would be devious.

route delete 0.0.0.0 mask 0.0.0.0 192.168.110.254

Can the developers of SoftEther build a disable default route option so users with an internal DHCP server can only send VPN related traffic throught the VPN tunnel?

mesa57
Posts: 153
Joined: Fri Oct 11, 2013 4:00 pm
Location: Netherlands

Re: VPN client creates default route - any way to disable it

Post by mesa57 » Thu Dec 04, 2014 3:11 pm

The default route has nothing to do with DHCP servers.

antald
Posts: 3
Joined: Thu Dec 04, 2014 1:52 pm

Re: VPN client creates default route - any way to disable it

Post by antald » Thu Dec 04, 2014 3:22 pm

Yes it does, when using the virtual DHCP you are able to clear the Gateway field thus not giving the client a default gateway and this results in not giving the client a default route.

When using an internal (your own) DHCP server you can of course not give a default gateway but this would affect all local users as well, so this is no option at all.

qupfer
Posts: 198
Joined: Wed Jul 10, 2013 2:07 pm

Re: VPN client creates default route - any way to disable it

Post by qupfer » Fri Dec 05, 2014 4:08 pm

mesa57 wrote:
> The default route has nothing to do with DHCP servers.

thats not completely true. Most DHCP-Servers send a default-gateway (dhcp-option 3) to the client --> client overrides

I didn't read the other answers, but I will post my solution for this problem. Maybe its helpfull.

My homentwork use the range 10.10.10.0/24. Home DHCP/DNS are installed on 10.10.10.10 and SoftEther runs on a raspberry pi with the IP 10.10.10.100.
On the PI, Softether creates a new tap_device and I add manually the IP 10.10.20.1/24 to it.

Additionally, I installed dnsmasq and add this to the dnsmasq.conf file:

dhcp-range=tap_soft,10.10.20.100,10.10.20.200,12h
dhcp-option=3
dhcp-option=6,10.10.10.10
dhcp-option=121,10.10.10.0/24,10.10.20.1

What it does?
dhcp-range=tap_soft,10.10.20.100,10.10.20.200,12h --> will give IPs to clients on the tap_device (range 10.10.20.100 to 10.10.20.200). This means vpn-clients will have there own subnet and dhcp server.

dhcp-option=3
This will send the "new" default gateway and because its empty --> no new gateway

dhcp-option=6,10.10.10.10
This will send the DNS server. In this case, all DNS request are going through the vpn. So, its a bit slower, but I can use my homenetwork name-resolution. (local name resolutions like Bonjour, LLMNR will not work).
If you don't need your home/work dns server, replace 10.10.10.10 with your normal dns or 8.8.8.8 (google dns)

dhcp-option=121,10.10.10.0/24,10.10.20.1
The dhcp-option 121 will send a new route to the clients. In this example. The subnet 10.10.10.0/24 is routed to 10.10.20.1 (the internal vpn-server-ip)


So, If I connect to my vpn, only dns queries and traffic to 10.10.10.0/24 are going through the vpn. All other use the normal internet connection. And yes, this will NOT work with the included virtual DHCP server, because it has not the option to set special dhcp-options.

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: VPN client creates default route - any way to disable it

Post by thisjun » Tue Dec 16, 2014 8:01 am

Are you using a Windows on client side?
If so, try to increase the interface metric number of the virtual NIC.

Post Reply