Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, June 27, 2017 7:00 AM
Is it possible to push a route to a client when SSTP is used?
When SSTP client connects, it is placed in dedicated VPN VLAN. But the needed servers are in another VLAN so a client needs to be informed about the route.
Apply static routes in Dial-in tab in user account properties doesn't work.
All replies (8)
Thursday, July 13, 2017 11:12 AM ✅Answered
I am going to answer my own question: the only working solution (for me) is using CMAK and using route file.
Reference: https://serverfault.com/questions/342400/windows-remote-access-server-pptp-advertised-routes
Wednesday, June 28, 2017 8:57 AM
Hi,
>>When SSTP client connects, it is placed in dedicated VPN VLAN. But the needed servers are in another VLAN so a client needs to be informed about the route.
To achieve your goal, I think you may need to configure VLAN Attributes Used in Network Policy.
1 Install NPS on your server.
2 Create a separate network policy for each group that you want to assign to a VLAN.
3 Configure network policy for use with VLAN Attributes(Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type).
More information VLAN Attributes, please refer to the following article:
https://technet.microsoft.com/en-us/library/cc754422(v=ws.10).aspx
If there is any other concern, please don’t hesitate to let me know.
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, June 28, 2017 4:57 PM
Hello Frank,
I think you have misunderstood me.
VPN/SSTP server has two interfaces: LAN (VLAN 10, 192.168.10.0/255.255.255.0) and WAN (for example 211.189.110.45).
VPN/SSTP clients get IPs from VLAN 10.
Intranet servers are in their own server's LAN (VLAN 20, 192.168.20.0/255.255.255.0).
SSTP server has access to intranet servers through its default gateway (192.168.10.1).
Similarly, VPN clients should receive "route add 192.168.20.0 255.255.255.0 192.168.10.1" in order to gain access to intranet servers.
Friday, June 30, 2017 10:15 AM
Hi,
When your client connect to your VPN server,you client would get a default gateway from VPN server. There is no
necessarily to create a static route.
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, July 7, 2017 7:02 AM
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, July 10, 2017 5:47 AM
When your client connect to your VPN server,you client would get a default gateway from VPN server.
My client does not get a default gateway. Client's WAN Miniport interface says "DHCP enabled no".
This file IpHlpSvc.LOG only has some log entries. EventViewer has no errors or warnings.**
**
[1400] 07:40:14: ReferenceService: ++9 (Nsi Event) @ onecoreuap\net\netio\iphlpsvc\service\6to4svc.c:4718
[1400] 07:40:14: Get lock (0000000000000634) invoked at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : NsiNotificationCommonHandler : 4722
[1400] 07:40:14: Lock (0000000000000634) acquired at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : NsiNotificationCommonHandler : 4722. Return 0
[1400] 07:40:14: ReferenceCompartment: 0x0000024C76EF4E40: ++2 @ onecoreuap\net\netio\iphlpsvc\service\6to4svc.c:4735
[1400] 07:40:14: Entered: Queueing Worker for Nsi Event
[1400] 07:40:14: Lock (0000000000000634) released at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : NsiNotificationCommonHandler : 4794. Return 1
[1400] 07:40:14: Leaving: Queued worker for Nsi Event
[1400] 07:40:14: Get lock (0000000000000650) invoked at onecoreuap\net\netio\iphlpsvc\service\spltunmgr.c : OnIpv4InterfaceChangeSplTunMgr : 512
[1400] 07:40:14: Lock (0000000000000650) acquired at onecoreuap\net\netio\iphlpsvc\service\spltunmgr.c : OnIpv4InterfaceChangeSplTunMgr : 512. Return 0
[1400] 07:40:14: Entered: OnIpv4InterfaceChangeSplTunMgr
[1400] 07:40:14: Entered: SplTunMgrApplyFilteringStateUnderLock
[1400] 07:40:14: SplTunMgrApplyFilteringStateUnderLock: NewFilteringState = 0, global connected state = 0
[1400] 07:40:14: Leaving: SplTunMgrApplyFilteringStateUnderLock
[1400] 07:40:14: Lock (0000000000000650) released at onecoreuap\net\netio\iphlpsvc\service\spltunmgr.c : OnIpv4InterfaceChangeSplTunMgr : 523. Return 1
[1400] 07:40:14: Leaving: OnIpv4InterfaceChangeSplTunMgr
[1400] 07:40:14: Get lock (0000000000000634) invoked at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : Ipv4InterfaceChangeHandler : 4947
[1400] 07:40:14: Lock (0000000000000634) acquired at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : Ipv4InterfaceChangeHandler : 4947. Return 0
[1400] 07:40:14: Entered: Ipv4InterfaceChangeHandler
[1400] 07:40:14: Entering OnIpv4InterfaceChange: NsiParameterNotification
[1400] 07:40:14: UpdateInterface: Luid: 17000000000000 Compartment: 1
[1400] 07:40:14: UpdateInterfaceNetworkInformation: "RAS (Dial In) Interface", GUID = {6E06F030-7526-11D2-BAF4-00600815A4BD}DNS suffix = ""
[1400] 07:40:14: Leaving: Common: OnIpv4InterfaceChange
[1400] 07:40:14: Lock (0000000000000634) released at onecoreuap\net\netio\iphlpsvc\service\6to4svc.c : Ipv4InterfaceChangeHandler : 4959. Return 1
[1400] 07:40:14: Leaving: Ipv4InterfaceChangeHandler
[1400] 07:40:14: DereferenceCompartment: 0x0000024C76EF4E40 : --3 @ onecoreuap\net\netio\iphlpsvc\service\6to4svc.c:4966
[1400] 07:40:14: DereferenceService: --10 (Nsi Event) @ onecoreuap\net\netio\iphlpsvc\service\6to4svc.c:4972
[2248] 07:40:14: Get lock (0000000000000638) invoked at onecoreuap\net\netio\iphlpsvc\service\isatap.c : OnIpv4InterfaceChangeIsatap : 4272
[2248] 07:40:14: Lock (0000000000000638) acquired at onecoreuap\net\netio\iphlpsvc\service\isatap.c : OnIpv4InterfaceChangeIsatap : 4272. Return 0
[2248] 07:40:14: Entered: OnIpv4InterfaceChangeIsatap
[2248] 07:40:14: Entering OnIpv4InterfaceChange: NsiParameterNotification
[2248] 07:40:14: UpdateInterface: Luid: 17000000000000 Compartment: 1
[2248] 07:40:14: UpdateInterfaceNetworkInformation: "RAS (Dial In) Interface", GUID = {6E06F030-7526-11D2-BAF4-00600815A4BD}DNS suffix = ""
[2248] 07:40:14: Entered: IsatapIpv4InterfaceChange
[2248] 07:40:14: IsatapUpdateRouterAddress: isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}, router = isatap
[2248] 07:40:14: Entered: IsatapResolveIpv4AddressesAsync
[2248] 07:40:14: Entered: IsatapStopUpdateRouterAddressAsync
[2248] 07:40:14: Entered: IsatapUpdateRouterAddressAsyncCancel
[2248] 07:40:14: Leaving: IsatapUpdateRouterAddressAsyncCancel
[2248] 07:40:14: Leaving: IsatapStopUpdateRouterAddressAsync
[2248] 07:40:14: IsatapResolveIpv4AddressesAsync returned error 0
[2248] 07:40:14: Leaving: IsatapResolveIpv4AddressesAsync
[2248] 07:40:14: Leaving: Common: OnIpv4InterfaceChange
[2248] 07:40:14: Lock (0000000000000638) released at onecoreuap\net\netio\iphlpsvc\service\isatap.c : OnIpv4InterfaceChangeIsatap : 4284. Return 1
[2248] 07:40:14: Leaving: OnIpv4InterfaceChangeIsatap
[4264] 07:40:14: Entered: Got an IPV4 interface change notification
[4264] 07:40:14: Get lock (000000000000063C) invoked at onecoreuap\net\netio\iphlpsvc\service\teredo.c : OnIpv4InterfaceChangeTeredo : 3814
[4264] 07:40:14: Lock (000000000000063C) acquired at onecoreuap\net\netio\iphlpsvc\service\teredo.c : OnIpv4InterfaceChangeTeredo : 3814. Return 0
[4264] 07:40:14: Entering OnIpv4InterfaceChange: NsiParameterNotification
[4264] 07:40:14: UpdateInterface: Luid: 17000000000000 Compartment: 1
[4264] 07:40:14: UpdateInterfaceNetworkInformation: "RAS (Dial In) Interface", GUID = {6E06F030-7526-11D2-BAF4-00600815A4BD}DNS suffix = ""
[4264] 07:40:14: Entered: Got an interface change notification
[4264] 07:40:14: process a compartment change notification
[4264] 07:40:14: ReferenceService: ++9 (TeredoCompartmentChangeNotification) @ onecoreuap\net\netio\iphlpsvc\service\teredo.c:2211
[4264] 07:40:14: Leaving: Finished processing interface change
[4264] 07:40:14: Leaving: Common: OnIpv4InterfaceChange
[4264] 07:40:14: Leaving: Finished processing IPV4 interface change
[4264] 07:40:14: Lock (000000000000063C) released at onecoreuap\net\netio\iphlpsvc\service\teredo.c : OnIpv4InterfaceChangeTeredo : 3830. Return 1
[2248] 07:40:17: Entered: IsatapUpdateRouterAddressAsyncCallback
[2248] 07:40:17: Entered: IsatapUpdateRouterAddressAsyncCleanupAndSetEvent
[2248] 07:40:17: Leaving: IsatapUpdateRouterAddressAsyncCleanupAndSetEvent
[2248] 07:40:17: Get lock (0000000000000638) invoked at onecoreuap\net\netio\iphlpsvc\service\isatap.c : IsatapUpdateRouterAddressAsyncCallback : 1443
[2248] 07:40:17: Lock (0000000000000638) acquired at onecoreuap\net\netio\iphlpsvc\service\isatap.c : IsatapUpdateRouterAddressAsyncCallback : 1443. Return 0
[2248] 07:40:17: Entered: IsatapUpdatePotentialRouterList
[2248] 07:40:17: IsatapUpdatePotentialRouterList: Failed to resolve router isatap in site
[2248] 07:40:17: IsatapUpdateLinkAddressAndPrlIfChanged: For isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD} - link layer address is unchanged (0.0.0.0), skipping update.
[2248] 07:40:17: Leaving: IsatapUpdatePotentialRouterList
[2248] 07:40:17: Lock (0000000000000638) released at onecoreuap\net\netio\iphlpsvc\service\isatap.c : IsatapUpdateRouterAddressAsyncCallback : 1476. Return 1
[2248] 07:40:17: Leaving: IsatapUpdateRouterAddressAsyncCallback
[4048] 07:40:17: Network(0000024C7691C3C0), Status(0) DomainType (0) Managed(0)
[4048] 07:40:17: Network(0000024C7691B6A0), Status(0) DomainType (2) Managed(1)
[4048] 07:40:17: Managed network detection is complete. Managed:(1)
[4048] 07:40:17: Get lock (000000000000063C) invoked at onecoreuap\net\netio\iphlpsvc\service\teredo.c : TeredoNetworkChangeNotificationWorker : 2115
[4048] 07:40:17: Lock (000000000000063C) acquired at onecoreuap\net\netio\iphlpsvc\service\teredo.c : TeredoNetworkChangeNotificationWorker : 2115. Return 0
[4048] 07:40:17: Teredo compartment network change: Managed flag = 1
[4048] 07:40:17: Unable to open key System\CurrentControlSet\Services\iphlpsvc\Diagnostics. Error 2
[4048] 07:40:17: Lock (000000000000063C) released at onecoreuap\net\netio\iphlpsvc\service\teredo.c : TeredoNetworkChangeNotificationWorker : 2131. Return 1
[4048] 07:40:17: DereferenceService: --10 (TeredoNetworkChangeNotificationWorker) @ onecoreuap\net\netio\iphlpsvc\service\teredo.c:2135
Tuesday, July 11, 2017 8:42 AM
Hi,
Based your figure,you enable DHCP.
I suggest you run command ipconfig /all to check if it had has a default gateway.
Best Regards,
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, July 11, 2017 9:12 AM
Well, I forgot that I had enabled VPN split tunneling. Since there's no GUI for configuration in Win10, one forgets about it easily. If split tunneling is disabled, client gets a default gateway.
So back to the original question: **how do I push a route to VPN client if split tunneling is enabled on a client? I mean automatically = by VPN server or client software.
**