Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Dial up routing issue with default gateway
  •  
luca.civinini@ctt

Messages: 32
Karma: 2
Send a private message to this user
Hello,
I've configured on my KWF (latest version running on Windows XP) a PPTP tunnel with a remote supplier. Internet is connected throu another ethernet interface to an HDSL router.

I've configured the PPTP VPN interface in the "other interfaces" group and configured username/password accordingly (both in Windows RAS an in KWF config).
In the properties for the PPTP connection I've also cleared the "use default gateway on remote network" flag to avoid packets for Internet to be routed within the VPN tunnel.
Finally, I've added a proper route in KWF and setup an access rule.

When I manually connect the Dialup VPN on KWF, everything is fine: Internet access works as well as access to the remote network via the PPTP VPN.

I'm facing with two different issues, both regarding a way to automate this dialup connection:

1) First of all I would like the VPN tunnel to go up automatically: when there is a specific request for IP on remote networks KWF should automatically dial the PPTP VPN.

2) I've tried to set the connection persistent (in a specific time frame): KWF then immediatly dials the VPN (and also redial it if I close the VPN in Windows - excellent!) but it then adds the default gateway on the VPN network (altought I cleared the flag in the phonebook entry in Windows). This of course disrupts Internet Access.
The stange issue is that the default gateway route is added only if the connection goes up automatically and not if the connection is manually dialed.

Is there a way to tell Kerio not to add the default gateway or to setup an "on demand connection" to a remote network via PPTP?

Thanks in advance
  •  
Jan Jezek (Kerio)

Messages: 103
Karma: 0
Send a private message to this user
1. on the routing table screen, setup a static route for the IP range with the interface as target

2. strange, if it behaves as described, it could actually be a bug

Jan Jezek
Product Development Manager - Kerio Control
Kerio Technologies
  •  
luca.civinini@ctt

Messages: 32
Karma: 2
Send a private message to this user
I've already added the route, but still no automatic connection.
I Addedd :
target: 10.10.10.10
subnet mask: 255.255.255.255
interface: the dialup VPN
gw: empty
metric: 1

Probably it happens because the target I'm trying to reach is 10.10.10.10 but the IP address assigned on the VPN channel is 172.16.16.16.

I agree it could be a bug for poin #2

Thanks for reply
  •  
Jan Jezek (Kerio)

Messages: 103
Karma: 0
Send a private message to this user
The auto connection based on static route would not work from the firewall box itself. Only from a host behind it. The IP assigned to the PPTP adapter doesn't matter.

Jan Jezek
Product Development Manager - Kerio Control
Kerio Technologies
  •  
luca.civinini@ctt

Messages: 32
Karma: 2
Send a private message to this user
Hi Jan,
all tests were made from a computer inside the network, not from the KWF itself.

But I found the answer: dialup goes up automatically only if I use a different protocol than PING. All tests I did were using PING to "trigger" the dialup. I'm quite sure I also tested with other protocols, but it didn't worked (machine was rebooted during lunch time).

So, using a different protocol than ICMP triggers the dialup connection and doesn't add the default gateway as expected.

For the other issue (adds the default gateway if the connection is permanent) it's for sure a bug but we can use the dialup as workaround.

Thanks for your help

Luca
Previous Topic: Remote administration with VNC viewer
Next Topic: Clientless SSL VPN products break web browser domain-based security models
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 19:32:30 CET 2017

Total time taken to generate the page: 0.00366 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.