Page 1 of 1
How to stop client's internet traffic redirected to VPN
Posted: Thu Feb 12, 2015 9:11 pm
by tc1010
I've just installed SoftEther VPN 4.14 server on my Windows 7 PC within a Windows 2008 domain to set up a PC-to-Lan remote access VPN. I used most of the default settings to build this VPN server and everything is working fine at this point. A remote SoftEther VPN client can connect to this VPN Lan and access all the resources without any issues. All is good.
However, I really want the clients to be able to access the Lan only. I don't want their internet traffic to be redirected to this VPN and put extra burden on our domain.
How can I stop the redirect through the server settings? I can't seem to find a solution. I tried the SecureNAT and it somewhat worked but I would rather use local bridge if I could.
Re: How to stop client's internet traffic redirected to VPN
Posted: Fri Feb 13, 2015 8:03 am
by mashuser
You can do this via Access Lists.
Add the source/destination to your lan only
then deny everything else.
If you can push routes via DHCP, add the routes to your lan via the vpn gateway.
See this thread,
http://www.vpnusers.com/viewtopic.php?f=7&t=3533
I just dont know how to do the DHCP part on windows servers.
Re: How to stop client's internet traffic redirected to VPN
Posted: Fri Feb 13, 2015 3:51 pm
by tc1010
Thanks for the reply.
Access Lists doesn't seem to work on this though. It blocks the client's redirected internet traffic alright but apparently the VPN server still keeps the redirect going. As a result, clients can not access any internet sites at all.
Regarding the pushing routes via DHCP on Windows server part, unfortunately I have no idea either.
Re: How to stop client's internet traffic redirected to VPN
Posted: Sat Feb 14, 2015 6:41 am
by mesa57
Set the metric of the VPN client adapter to automatic or a high number (>200).
Re: How to stop client's internet traffic redirected to VPN
Posted: Sun Feb 15, 2015 1:53 pm
by softether_fans
First, you need to go to VPN client "xxxx connection" ----> "Advanced Settings" --> "No Adjustment of Routing table", check it.
Second, you need to modify the vpn virtual adapter, make it metrics to a bigger value than your local real adapter which goes to internet.
Re: How to stop client's internet traffic redirected to VPN
Posted: Sun Feb 15, 2015 10:52 pm
by tc1010
Thank you guys, it works.
I wish there is a way I can set it up at VPN server's end though.
Sometimes it is simply not possible to count on clients to modify their systems.
As a result, clients could get much slower internet speed during VPN sessions.
Following is a before-and-after test result for a client's system.
Before modify the client's metric: download speed 4 Mb/s
After modify this client's metric: download speed 18 Mb/s
Re: How to stop client's internet traffic redirected to VPN
Posted: Thu Oct 15, 2015 4:22 pm
by ofeikes
How do I set "the metric"? That setting has escaped my searching in the various places so far...
Thanks!
Re: How to stop client's internet traffic redirected to VPN
Posted: Thu Oct 15, 2015 7:13 pm
by mesa57
On vpn tcp/ip interface advanced property's