Remote User Access

I have configured Remote User Access on my Balance 380 and can successfully reach all of the devices on the 380’s LAN and at other locations via 380’s VPN connections. However, traceroute from my laptop shows all traffic transiting the Remote User Access VPN connection even if I’m just trying to reach Google. Is it possible to NOT force all traffic over the Remote User Access VPN and allow the public traffic to go directly to my laptop’s ISP? It makes no sense that if I’m sitting in Starbucks (not that I’d ever go near one) and want to search Google that the traffic should go all the way to my corporate office across the country (or world) and use my company’s ISP instead of Starbucks’ to reach the Internet.

Rich

That is a standard “feature” of the Windows built-in VPN client. Depending on the security you want, it may be desirable. If not:

Control Panel
Network and Internet
Network Connections
right click your VPN connection name, select Properties
Highlight IPV4, click Properties
Advanced button
IP settings tab
un-check “use default gateway on remote network”

This is a lot easier done with Windows PowerShell. You must use “Run as administrator”:
Set-VpnConnection -Name "your-connection-name" -SplitTunneling $true -PassThru

4 Likes

Don,

Thank you. I tested this out through the Control Panel and it worked as you described. Since I have about 25 users, and growing, that I’ll need to get this done for, can I make the assumption that I could do this through Group Policy settings on my domain? I’m currently running Windows Server 2016 and Windows 10 machines.

Rich

Sorry I have no experience with Windows Group Policy. If that doesn’t work, the command line option described above is pretty quick.

Don,

Thanks. I’m tinkering around with Group Policies when time permits since my PowerShell experience is virtually nil. Will let you know what I found out.

Rich

Windows VPN settings for dial up VPN can be found in:
C:\Users\<username>\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

The pbk file is actually an INI file, so you can open it, and if you look for the property IpPrioritizeRemote, it is the flag “Use default gateway on remote network”. So when set to 1 the gateway is remote, or 0 it’s local.

So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
Create a new object with Action = Update, and File Path =
C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
(If this is where your file is located; I guess it is in C:\Users if the VPN connection is made for a single user.)
Section Name should be the display name of your VPN connection, without the brackets.
Property Name = IpPrioritizeRemote
Property Value = 0

That will set it to use the local gateway instead of the remote one.

1 Like
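
An added example, not part of the original thread: a PowerShell function that reads a rasphone.pbk file and reports, per connection, the IpPrioritizeRemote value described above, which is a quick way to confirm on a client that the Group Policy INI preference took effect. The function name Get-PbkGatewaySetting and the sample phonebook contents are constructed for illustration.

```powershell
# Added example: report the "Use default gateway on remote network" flag
# (IpPrioritizeRemote) for each entry in a rasphone.pbk phonebook.
# Get-PbkGatewaySetting is a hypothetical helper name, not a built-in cmdlet.
function Get-PbkGatewaySetting {
    param([Parameter(Mandatory)][string]$Path)

    $entry = $null
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\[(.+)\]\s*$') {
            # Section header: the display name of a VPN connection.
            $entry = $Matches[1]
        }
        elseif ($entry -and $line -match '^\s*IpPrioritizeRemote\s*=\s*(\d+)\s*$') {
            [pscustomobject]@{
                Connection         = $entry
                IpPrioritizeRemote = [int]$Matches[1]
                # 0 = local gateway (split tunneling), 1 = all traffic via the VPN
                SplitTunneling     = ($Matches[1] -eq '0')
                Phonebook          = $Path
            }
        }
    }
}

# Constructed sample phonebook (not taken from a real machine).
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-rasphone.pbk'
@'
[Office VPN]
Encoding=1
IpPrioritizeRemote=1
DEVICE=vpn

[Lab VPN]
Encoding=1
IpPrioritizeRemote=0
DEVICE=vpn
'@ | Set-Content -LiteralPath $sample

Get-PbkGatewaySetting -Path $sample

# On a real client, check the all-users and per-user phonebooks named in the thread.
$books = "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk",
         "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
$books | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-PbkGatewaySetting -Path $_ }
```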