As I discussed previously (the bit about a can of worms), if you use Virtual Private Networking to connect to a remote network with more than one subnet, you can let Windows set the default gateway to be the remote network. This way, you can contact all the hosts on the remote network and its subnets. Unfortunately, all your Internet traffic will travel through the tunnel, too, slowing you down. The remote network might not even permit outgoing Internet access.
The alternative is to disable the use of the default gateway and manually add routes to any subnets known to belong to the private network. To make these changes, you have to work in a Command Prompt window with elevated privileges. To open one, click Start, All Programs, Accessories. Right-click Command Prompt and select Run As Administrator. Then confirm the UAC prompt.
To add information about remote network subnets, use the route command, which looks like this:
route add subnet mask netmask gateway
The subnet and netmask arguments are the addresses for additional networks that can be reached through the gateway address gateway. To add a route, you must know the IP address and mask information for each remote subnet and your gateway address on the VPN.
You must get the subnet information from the network administrator on the remote end. You can find the gateway address from your own computer. Connect to the remote VPN, and type ipconfig in the command prompt window. One of the connections printed will be labeled PPP Adapter or L2TP Adapter. Note the gateway IP address listed. This address can be used as the gateway address to send packets destined for other subnets on the remote network.
Suppose you're connecting to a VPN host through a connection named VPN to Client and you find these connection addresses:
PPP adapter VPN to Client:
   IP Address. . . . . . . 192.168.5.226
   Subnet Mask . . . . . . 255.255.255.255
   Default Gateway . . . . 192.168.5.226
Now suppose you know that there are two other subnets on the remote network: 192.168.10.0 mask 255.255.255.0 and 192.168.15.0 mask 255.255.255.0. You can reach these two networks by typing two route commands:
route add 192.168.10.0 mask 255.255.255.0 192.168.5.226
route add 192.168.15.0 mask 255.255.255.0 192.168.5.226
Each route command ends with the IP address of the remote gateway address (it's called the next hop).
Check your work by typing route print and looking at its output. In the IPv4 Route Table section, you should see only one destination labeled 0.0.0.0; if you see two, you forgot to disable the use of the default gateway on the remote network. Verify that the two routes you added are shown.
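The route print check described above can be automated. The following is an added example, not code from the original text: it parses the IPv4 rows of route print output and reports whether there is exactly one 0.0.0.0 route that stays off the VPN and whether each remote subnet is routed through the VPN address. The sample table is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of the IPv4 section of `route print` (not real output).
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    306
     192.168.10.0    255.255.255.0    192.168.5.226   192.168.5.226     26
     192.168.15.0    255.255.255.0    192.168.5.226   192.168.5.226     26
"""

IP = r"(\d+(?:\.\d+){3})"
# destination, netmask, gateway (an address or "On-link"), interface, metric
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface) for every IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, iface, _metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, iface))
    return routes

def check_split_tunnel(text, vpn_addr, subnets):
    """Return a list of problems; an empty list means the table looks right."""
    routes = parse_routes(text)
    problems = []
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if len(defaults) != 1:
        problems.append(f"expected one 0.0.0.0 route, found {len(defaults)}")
    for _net, gateway, iface in defaults:
        if vpn_addr in (gateway, iface):
            problems.append("a default route points into the VPN")
    for subnet in subnets:
        want = ipaddress.ip_network(subnet)
        # Windows may print "On-link" as the gateway, so also match the interface.
        if not any(n == want and vpn_addr in (g, i) for n, g, i in routes):
            problems.append(f"no route to {want} through {vpn_addr}")
    return problems

if __name__ == "__main__":
    wanted = ["192.168.10.0/255.255.255.0", "192.168.15.0/255.255.255.0"]
    for problem in check_split_tunnel(SAMPLE, "192.168.5.226", wanted) or ["OK"]:
        print(problem)
```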
To avoid having to type all this every time, you can use another neat trick. You can put a rasphone command and route commands in a batch file, like this:
@echo off
rasphone -d "VPN to Client"
route add 192.168.10.0 mask 255.255.255.0 192.168.005.225
route add 192.168.15.0 mask 255.255.255.0 192.168.005.225
The rasphone command pops up the connection dialer. When the connection is made, the two routes will be added, and you're all set. With this setup, you'll need the network administrator to give you the real RAS gateway address of the remote VPN server to use as the "next hop" of the route commands. With a shortcut to this batch file, you can connect and set up the routes with just a click.
When you disconnect the VPN connection, Windows removes the added routes automatically.