SSTP: route Internet traffic from SSTP clients through company network? How can I do this?

Question

Saturday, November 19, 2016 10:03 PM

Hello,

We have remote access via SSTP into our company network.
Our RAS\VPN server is a Windows Server 2012 R2.
For a little bit more security we have split tunneling disabled.
When a user builds the SSTP VPN he can only get into our network.
But he can no longer get into the internet.

Is there a possibility that its Internet traffic over the VPN is routed through our Network?
At the moment he is only in our company network but not in the Internet.

Best Regards,
Coyo

All replies (5)

Monday, November 21, 2016 2:43 AM

Hi Coyote,

>>Is there a possibility that its Internet traffic over the VPN is routed through our Network?

Did you mean that you want the client to connect to the VPN server through the internet?

>>When a user builds the SSTP VPN he can only get into our network. But he can no longer get into the internet.

You could create a route record on the VPN server to fix it.

Best Regards

John

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Monday, November 21, 2016 1:41 PM

Hi John,

I mean if the users have built a VPN into the company, then they should also be able to get onto the Internet over this VPN line.
Where do I have to set the route at the VPN server? Route add? Or Routing and ras?

I wonder because the VPN server already has a default-gateway to the Internet.
Best regards,
Coyo


Tuesday, November 22, 2016 1:56 AM

Hi Coyote,

>>Where do I have to set the route at the VPN server? Route add? Or Routing and ras?

You could run the route add command to add a static route from the VPN server to the internet.

>>I mean if the users have built a VPN into the company, then they should also be able to get onto the Internet over this VPN line.

You could disable "use default gateway on remote network" on the client to achieve the goal.

Please open the Network and Sharing Center, click Change adapter settings, right-click the VPN connection, open the VPN connection properties, select Networking, and double-click TCP/IPv4; you could disable it under Advanced TCP/IP Settings.

Another way is that you could configure NAT to achieve the goal.

Best Regards

John



Monday, February 20, 2017 9:29 AM

Sorry for the late reply. I was sick for a long time.

About: "disable 'use default gateway on remote network'" Is this not a security risk (=Split-Tunneling)?

I tried something with static routes, but I cannot manage to redirect the entire Internet traffic. I can route a single IP (maybe also subnets) like 8.8.8.8 through my company network. What should the entry look like?
My VPN server has two network cards. Example, not really my IPs ;)

  1. NetworkCard DMZ:  62.62.62.62   Gateway: 62.62.62.60
  2. NetworkCard LAN:  10.10.10.10   Gateway: (of course, not set)

I tried something like:
Target: 0.0.0.0 MASK 0.0.0.0 Gateway: 62.62.62.20
But nothing happens

How can I do this with "NAT"? Do you have a link\HowTo?

Thanks for all,
Coyo


Tuesday, February 21, 2017 12:48 PM

Hi Coyo,

>>"disable 'use default gateway on remote network'" Is this not a security risk (=Split-Tunneling)?

When the client disables this option, the client could access the internet by using its local gateway; traffic will not go through the VPN tunnel.

>>Target: 0.0.0.0 MASK 0.0.0.0 Gateway: 62.62.62.20 But nothing happens

What is IP address range for VPN clients?

Please add router entry for VPN client addresses on router feature.

>>How can i do this with "NAT"? Do you have a link\HowTo?

Please try to reference the link below:

Enable and Configure NAT

https://technet.microsoft.com/en-us/library/dd469812(v=ws.11).aspx

Best Regards

John

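The split-tunneling question raised in this thread comes down to which route the client picks for each destination. The following is an added example, not posted by any participant: a simplified model of Windows client route selection (longest prefix first, then lowest metric) with "use default gateway on remote network" on and off. The client home LAN (192.168.1.0/24), the VPN-assigned address 10.10.10.50 and all metrics are constructed assumptions.

```python
import ipaddress

def classful_network(ip):
    """Class-based network Windows routes over the VPN when the remote default gateway is off."""
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def client_routes(vpn_ip, lan_gw, use_remote_default_gw):
    """Simplified client route table after the VPN connects (metrics are constructed)."""
    routes = [
        # (destination prefix, next hop label, metric)
        (ipaddress.ip_network("0.0.0.0/0"), "local:" + lan_gw, 50),
        (ipaddress.ip_network("192.168.1.0/24"), "local:on-link", 25),
    ]
    if use_remote_default_gw:
        # Forced tunneling: a default route over the VPN with a better metric.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "vpn", 26))
    else:
        # Split tunneling: only the class-based route goes over the VPN.
        routes.append((classful_network(vpn_ip), "vpn", 26))
    return routes

def pick(routes, dst):
    """Route selection: longest matching prefix wins, then the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def bypassing(routes, destinations):
    """Destinations whose traffic leaves the client outside the tunnel."""
    return [d for d in destinations if pick(routes, d) != "vpn"]

# Constructed sample destinations: company LAN host, public resolver, home LAN host.
DESTS = ["10.10.10.10", "8.8.8.8", "192.168.1.20"]
FORCED = client_routes("10.10.10.50", "192.168.1.1", use_remote_default_gw=True)
SPLIT = client_routes("10.10.10.50", "192.168.1.1", use_remote_default_gw=False)

if __name__ == "__main__":
    for name, table in (("forced", FORCED), ("split", SPLIT)):
        print(name, {d: pick(table, d) for d in DESTS})
```

With the option enabled, Internet-bound traffic arrives at the VPN server from the VPN client address pool, so the server side still needs NAT or a return route for that pool before those clients can reach the Internet.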