All times are UTC [ DST ]

help with ROUTE command

Postby ThatRickGuy on Tue Sep 14, 2010 1:05 pm

So I'm at a hotel. I'm on the hotel's WiFi connection (which allows me to get to Pandora). I'm connected to my company's VPN (which does not allow me to connect to Pandora).

What I really want is to route all 10.34.*.* traffic over the VPN (gateway 10.34.24.1 mask 255.255.255.0), and all other traffic over the WiFi (gateway 10.3.103.254 mask 255.255.252.0).

    C:\Documents and Settings\way>route print 0.0.0.0
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 1c 23 3a 56 c1 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    0x3 ...00 21 5c 99 6f 2d ...... Intel(R) Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
    0x4 ...00 ff 6d 3f dc 2e ...... Anchorfree HSS Adapter - Packet Scheduler Miniport
    0x40006 ...00 05 9a 3c 7a 00 ...... Cisco AnyConnect VPN Virtual Miniport Adapter for Windows - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0       10.34.24.1    10.34.24.120       1
    Default Gateway:        10.34.24.1
    ===========================================================================
    Persistent Routes:
      None


Unfortunately, I don't comprehend the ROUTE ADD function well enough to implement that change. Anyone have some pointers?

Thanks,
-Rick
O_o \__o- \__o- \__o- \__o-

Re: help with ROUTE command

Postby Emtucifor on Tue Sep 14, 2010 5:06 pm

1. What is the gateway for the internet connection?

2. Please disconnect from the VPN, run a ROUTE PRINT command in a command window, and post the results of that.

It's going to look something like this:

    ROUTE ADD 10.34.24.0 MASK 255.255.255.0 10.34.24.1 METRIC 1
    ROUTE DELETE 0.0.0.0
    ROUTE ADD 0.0.0.0 MASK 0.0.0.0 {INTERNET GATEWAY} METRIC 2

I don't think the metrics are necessary since it always goes from least specific to most specific.
God cries a little bit every time someone builds a database.

Re: help with ROUTE command

Postby damber on Wed Sep 15, 2010 9:24 am

It depends what VPN client you have, and how it is set-up - though if your machine is as locked down as ours, the vpn client will disallow connection to the local LAN outside the VPN tunnel. You don't want to know what I had to do to get round this without a blatant and destructive hack.
a smile is worth a thousand kind words, so smile, it's easy! :-)


CODE: $5
WORKING CODE: $500
PROPERLY DESIGNED & WORKING CODE: Priceless

Re: help with ROUTE command

Postby ThatRickGuy on Wed Sep 15, 2010 11:23 am

Route print without the VPN:

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 1c 23 3a 56 c1 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    0x3 ...00 21 5c 99 6f 2d ...... Intel(R) Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
    0x4 ...00 ff 6d 3f dc 2e ...... Anchorfree HSS Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     10.3.103.254     10.3.102.16       10
           10.3.100.0    255.255.252.0      10.3.102.16     10.3.102.16       10
          10.3.102.16  255.255.255.255        127.0.0.1       127.0.0.1       10
       10.255.255.255  255.255.255.255      10.3.102.16     10.3.102.16       10
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
            224.0.0.0        240.0.0.0      10.3.102.16     10.3.102.16       10
      255.255.255.255  255.255.255.255      10.3.102.16     10.3.102.16       1
      255.255.255.255  255.255.255.255      10.3.102.16               2       1
      255.255.255.255  255.255.255.255      10.3.102.16               4       1
    Default Gateway:      10.3.103.254
    ===========================================================================
    Persistent Routes:
      None
O_o \__o- \__o- \__o- \__o-

Re: help with ROUTE command

Postby Emtucifor on Wed Sep 15, 2010 5:25 pm

So I think this should work:

    ROUTE DELETE 0.0.0.0
    ROUTE ADD 0.0.0.0 MASK 0.0.0.0 10.3.103.254 METRIC 10
    ROUTE ADD 10.34.24.0 MASK 255.255.255.0 10.34.24.1 METRIC 1
    ROUTE ADD 10.3.100.0 MASK 255.255.252.0 10.3.102.16 METRIC 10
    ROUTE ADD 10.3.102.16 MASK 255.255.255.255 127.0.0.1 METRIC 10
    ROUTE ADD 10.255.255.255 MASK 255.255.255.255 10.3.102.16 METRIC 10

Basically, add in every route you had before that makes sense, and make sure your new route to the VPN address has a lower metric (lower number is higher priority, I believe).

Before you run all that, though, do a ROUTE PRINT with the VPN connected, as many of them may already be in place and don't need to be re-added, especially the broadcast routes (255.255.255.255).

You could play with the -P switch to make routes permanent across reboots, but I'm not sure if that's a good idea.
God cries a little bit every time someone builds a database.

Re: help with ROUTE command

Postby ThatRickGuy on Wed Sep 15, 2010 11:33 pm

Awesome! I'll give it a try tomorrow. I figured I'd skip the -p option, since I'll be in and out of Ireland and different hotels. But I was going to throw it all in a batch file so I could flip it on as needed.

Thanks!

-Rick
O_o \__o- \__o- \__o- \__o-

Re: help with ROUTE command

Postby Emtucifor on Thu Sep 16, 2010 12:54 am

Rick, the problem with throwing it into a batch file is that the routes will change depending on the connection you set up. If you're using DHCP then the routes could be completely different from hotel to hotel. At your current one it looks like they're using 10.3.100.0/22 (aka 10.3.100.0 mask 255.255.252.0; aka 10.3.100.0 - 10.3.103.255).

So every time you'll need to do the ROUTE PRINT first, and then after connecting to the VPN, delete the incorrect 0.0.0.0 route sending all internet traffic over the VPN, followed by restoring everything that was originally in the table.

With a little coding and/or clever dos commands, you could have one batch file that parses the output of ROUTE PRINT and creates a second batch file on the fly that will do the restoring job for you. So it could be this simple:

1. Run createroute.bat (creates/overwrites setroute.bat with correct statements).
2. Connect to VPN
3. Run setroute.bat to fix internet routing.

For what it's worth, the reason your company doesn't want to have you connecting to the internet while on the VPN except through them is because then there's a completely unprotected route into the company's internal network through your computer.

But I don't think this is that much of a concern, because your laptop connects to the internet anyway and could already be p0wned with all sorts of trojans and viruses. So if they let you connect to the VPN at all they should have a firm policy about up-to-date corporate antispy and antivirus software installed on your computer. That's the only thing that's really going to do any protection. Just avoiding having the two pipes connected at the same time isn't much security by itself.
God cries a little bit every time someone builds a database.
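
Added example, not part of any post in this thread: a Python sketch that applies the parse-the-ROUTE-PRINT-output idea above to checking a table rather than rewriting it. It reads the Active Routes rows, resolves a destination by longest prefix (metric only as a tie-break), and reports where traffic leaves the VPN. The sample table is constructed from the routes posted in the thread; the function names and the 10.34.0.0/16 corporate range (from the 10.34.*.* in the first post) are assumptions of this example.

```python
import ipaddress

# Constructed sample: Active Routes as they would look after the ROUTE ADD
# commands in this thread (VPN up, default route moved back to the hotel WiFi).
SPLIT_TABLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.3.103.254     10.3.102.16       10
       10.3.100.0    255.255.252.0      10.3.102.16     10.3.102.16       10
       10.34.24.0    255.255.255.0       10.34.24.1    10.34.24.120       1
  255.255.255.255  255.255.255.255      10.3.102.16               2       1
Default Gateway:      10.3.103.254
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # headers, separators, "Default Gateway:" lines
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gateway = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # five fields, but not a route row
        routes.append((net, gateway, parts[3], int(parts[4])))
    return routes

def select_route(routes, dest):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)

def audit(routes, vpn_gateway, corporate_net):
    """List the ways this table lets traffic bypass the VPN tunnel."""
    vpn_gateway = ipaddress.ip_address(vpn_gateway)
    corp = ipaddress.ip_network(corporate_net)
    findings = []
    # 198.51.100.7 is a documentation address standing in for "any internet host".
    default = select_route(routes, "198.51.100.7")
    if default and default[1] != vpn_gateway:
        findings.append(f"split tunnel: internet traffic exits via {default[1]}")
    if not any(r[1] == vpn_gateway and corp.subnet_of(r[0]) for r in routes):
        findings.append(f"{corp} is not fully routed through {vpn_gateway}")
    return findings

if __name__ == "__main__":
    table = parse_routes(SPLIT_TABLE)
    print(select_route(table, "10.34.50.5"), audit(table, "10.34.24.1", "10.34.0.0/16"))
```

With this table a host such as 10.34.50.5 resolves to the hotel gateway, because the only route through the VPN covers 10.34.24.0/24 rather than the whole 10.34.*.* range.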

Re: help with ROUTE command

Postby ThatRickGuy on Thu Sep 16, 2010 1:39 pm

Yeah, I was just going to manually run route print, then update the batch file, then run it.

As for the security, I'm aware of the risk, the laptop does have an up-to-date protection system, and my write permissions out on the network are at least somewhat limited.

I suppose I could try to put together routes for just Pandora, but that's a bit complicated as I'm in Ireland and going through a US proxy to get to it. It's like jumping through hoop after hoop to get this stuff to work.

-Rick
O_o \__o- \__o- \__o- \__o-