Comments on: PPTP & Routing Interesting Traffic

By: Mark

Mark — Thu, 14 May 2009 18:40:22 +0000

@echo off
cls

; REM vpn.bat
; REM Mark Hudy
; REM 5/14/2009
; REM
; REM This batch file connects a VPN by it’s “exact name”, username and password
; REM Queries the routing table for a network value (192.168.1) and writes the results to %temp%\routes.txt
; REM Parses %temp%\routes.txt grabbing the value from the 3rd column in the top row only (pptp gateway)
; REM and adds a route for the foreign network (1.2.3.4/24) using the pptp gateway.
; REM The ‘pause’ at the end allows the user/customer to view the results before the window closes
; REM and assumes you have created a shortcut pointing to the batch file.

echo.
echo ——————————-
echo VPN Status:
rasdial
echo ——————————-

:start
echo.
echo [1] Sample VPN Connect
echo [2] Sample VPN Disconnect
echo [3] Do Neither and Cancel
echo.
set /p userinp=choose a number(1-3):
set userinp=%userinp:~0,1%
if “%userinp%”==”1″ goto 1
if “%userinp%”==”2″ goto 2
if “%userinp%”==”3″ goto close
echo invalid choice
goto start

:1
rasdial “Sample VPN Connection” SomeUsername SomePassword >NUL
route print |find “192.168.1″ >%temp%\routes.txt
@for /f “tokens=3″ %%i in (‘type %temp%\routes.txt’) do @set pptpGateway=%%i & goto :StopParsing

:StopParsing
route add 1.2.3.4 mask 255.255.255.0 %pptpGateway% >NUL
echo Sample VPN Connection is now connected.
goto :end

:2
rasdial “Sample VPN Connection” /disconnect >NUL
echo Sample VPN Connection is now disconnected.

:end
echo.
pause

:close

By: Josh

Josh — Sun, 29 Mar 2009 21:15:40 +0000

JJ: The funny part is that PIX version 7.0 doesn’t support PPTP. So there’s really no point discussing this, correct?

By: ID

ID — Thu, 19 Feb 2009 03:59:56 +0000

We were using a similar script a while back, but IPsec really is a better protocol. I can see your point though, IPsec on windows is a can of worms, unlike on *nix where it takes 5 mins to setup.

By: Bernie

Bernie — Mon, 05 Jan 2009 20:53:11 +0000

Thanks for the script. I was experiencing the same problem with a PPTP connection and the script just helped me to avoid adding a route every time I connect to the VPN so I don’t loose my Internet connection.

By: JJ

JJ — Sat, 03 Jan 2009 20:24:07 +0000

See:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml#intro

PIX version 7.0 improves support for spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface.

The same-security-traffic command permits traffic to enter and exit the same interface…

By: Josh

Josh — Sat, 03 Jan 2009 19:23:10 +0000

JJ: I was referring to the fact the PIX won’t route. As far as entering and leaving the same interface, isn’t this exactly how VPN works???

By: JJ

JJ — Mon, 22 Dec 2008 17:54:25 +0000

“internet access failed because the PIX won’t/can’t redirect traffic that isn’t on it’s local network”

Not true. The PIX will not allow traffic to enter and leave the same interface regardless of network location (security “feature”). Hence why it won’t route packets on its inside interface (Router on a stick kind of implementation).

The ASA will in fact do this though.

By: Walter

Walter — Thu, 06 Nov 2008 05:02:30 +0000

Actually, quite frankly, the commentary is more interesting messages themselves. (Not to insult the author, of course:))

By: Nate

Nate — Wed, 03 Sep 2008 20:08:53 +0000

I was experiencing this problem as well.

Would be wonderful if we could pass information like this to the client as part of establishing the VPN connect, you know, configure it server side.

Thanks for the script!