
After switching out my VPN server (Windows Server 2008 to 2012), I ran into an issue where the first connection causes the server routing table to be modified, which prevents access to the server-side LAN. The VPN server is behind a router with all ports forwarded, and the server has a single NIC. Prior to the first connection, the server routing table looks like this:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.138    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.138    266
    192.168.0.138  255.255.255.255         On-link     192.168.0.138    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.138    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.138    266

After the first client connects, the routes are modified to:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.138    266
          0.0.0.0          0.0.0.0    192.168.0.147    192.168.0.148     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.138    266
      192.168.0.0    255.255.255.0    192.168.0.147    192.168.0.148     30
    192.168.0.138  255.255.255.255         On-link     192.168.0.138    266
    192.168.0.147  255.255.255.255    192.168.0.147    192.168.0.148     31
    192.168.0.148  255.255.255.255         On-link     192.168.0.148    286
    192.168.0.255  255.255.255.255         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link     192.168.0.148    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.138    266
  255.255.255.255  255.255.255.255         On-link     192.168.0.148    286

I would expect one new route to allow traffic back to the client, but I was not expecting the additional routes. Is there a setting that will prevent this?
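As an added worked example (not part of the question or of any answer), the Python below parses the two `route print` tables quoted above and applies the standard IPv4 forwarding decision, longest prefix match first and lowest metric as the tie-breaker, to show which route the server selects for a LAN host and for an Internet address before and after the client connects. The shadowing check then lists the new routes whose metric undercuts a pre-existing route for the same prefix. The sample LAN address 192.168.0.50 and the Internet address 8.8.8.8 are assumptions chosen for illustration; the tables themselves are copied from the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# IPv4 routing tables copied from the question ("route print" on Windows Server 2012),
# before and after the first VPN client connects.
BEFORE = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.138    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.138    266
    192.168.0.138  255.255.255.255         On-link     192.168.0.138    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.138    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.138    266
"""

AFTER = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.138    266
          0.0.0.0          0.0.0.0    192.168.0.147    192.168.0.148     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.138    266
      192.168.0.0    255.255.255.0    192.168.0.147    192.168.0.148     30
    192.168.0.138  255.255.255.255         On-link     192.168.0.138    266
    192.168.0.147  255.255.255.255    192.168.0.147    192.168.0.148     31
    192.168.0.148  255.255.255.255         On-link     192.168.0.148    286
    192.168.0.255  255.255.255.255         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.138    266
        224.0.0.0        240.0.0.0         On-link     192.168.0.148    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.138    266
  255.255.255.255  255.255.255.255         On-link     192.168.0.148    286
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None for "On-link" routes
    interface: str
    metric: int


def parse_route_print(text: str) -> List[Route]:
    """Parse the IPv4 'Active Routes' rows of Windows 'route print' output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # The header row splits into six tokens; data rows into exactly five.
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append(Route(network, None if gateway == "On-link" else gateway, iface, int(metric)))
    return routes


def select_route(routes: List[Route], dst: str) -> Optional[Route]:
    """Forwarding decision: longest matching prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def shadowing_routes(before: List[Route], after: List[Route]) -> List[Route]:
    """New routes whose metric is lower than every pre-existing route for the same prefix.

    These are the entries that change forwarding behaviour, as opposed to new
    host routes or higher-metric duplicates that never win the selection.
    """
    shadowing = []
    for r in after:
        if r in before:
            continue
        existing = [b.metric for b in before if b.network == r.network]
        if existing and r.metric < min(existing):
            shadowing.append(r)
    return shadowing


def describe(route: Optional[Route]) -> str:
    if route is None:
        return "no route"
    via = "On-link" if route.gateway is None else f"via {route.gateway}"
    return f"{route.network} {via} on {route.interface} (metric {route.metric})"


if __name__ == "__main__":
    before, after = parse_route_print(BEFORE), parse_route_print(AFTER)
    for dst in ("192.168.0.50", "8.8.8.8"):  # assumed LAN host and Internet address
        print(f"{dst}: before -> {describe(select_route(before, dst))}")
        print(f"{dst}: after  -> {describe(select_route(after, dst))}")
    print("routes that now take precedence over pre-existing ones:")
    for r in shadowing_routes(before, after):
        print("  " + describe(r))
```

Run stand-alone, the script reports that after the connection both the LAN prefix and the default route are selected via 192.168.0.147 on the 192.168.0.148 interface (metric 30) instead of the original NIC, which matches the loss of LAN access described in the question; the /32 host routes and the metric-286 multicast and broadcast duplicates never win the selection and are not the cause.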
