16. pptp Client Installation
I will only describe the Windows XP pptp client installation. For other operating system, please see the documents in here.
That's all for a standard configuration. All traffic from the PC will pipe through the pptp tunnel except those for the local attached network segment. This is the recommended way of implementing VPN for security reasons.
Split Tunneling allows you to configure the network so that only selected traffic is directed to the VPN tunnel. For instance, you want browsing traffic to go to the Internet directly but corporate traffic goes via the VPN, then you will need split tunneling. It is also important if your ISP requires a heatbeat from your machine to keep the connection alive.
While split tunneling provides convenience, it causes security problems because it essentially renders the VPN vulnerable to attack as it is accessible through the public, non-secure network. Check your company security policy before inplementing split tunneling.
To set up split tunneling:
If you have a simple private network which has only one single segment, you have finished the configuration. Take a break and enjoy you day.
If you have multiple subnets in the private network, there are still works to do. By not using the PPP as the default gateway, we introduce another problem. The PPP client will set up routing only to the subnet that is directly attached to the pptp gateway. Traffic will not route to the other subnets. In our test environment, you can only access 10.0.0.0 but not 172.16.0.0. To resolve this problem, I created a VBScript to add the extra routes.
The VBScript is listed here:
Option Explicit
Dim IP_Address
Dim TmpFile : TmpFile = "c:\ip.txt"
Dim route1 route1 = "route add 172.16.0.0 mask 255.255.255.0 " SaveIP
IP_Address = GetIP()
route1 = route1 & IP_Address
AddRoute Sub SaveIP
Dim ws : Set ws = CreateObject("WScript.Shell")
ws.run "%comspec% /c ipconfig > " & TmpFile, 0, True
Set ws = Nothing
End Sub Function GetIP()
Dim fso : Set fso = CreateObject("Scripting.FileSystemObject")
Dim re : Set re = New RegExp
re.Global = TRUE Dim file, fileline, matches
Dim pppsection : pppsection = FALSE If fso.FileExists(TmpFile) Then
Set file = fso.OpenTextFile(TmpFile)
Do While Not file.AtEndOfStream
fileline = file.ReadLine If Not pppsection Then If left(fileline,3) = "PPP" Then pppsection = TRUE End If Else re.Pattern = "IP Address[\. ]+: " If re.Test(fileline) Then matches = split(fileline,":") GetIP = right(matches(1),len(matches(1))-1) End If End If Loop
file.Close
End If Set re = Nothing
Set fso = Nothing
End Function Sub AddRoute
Dim ws : Set ws = CreateObject("WScript.Shell")
ws.run "%comspec% /c " & route1, 0, True
Set ws = Nothing
End Sub
Create the VBScript file somewhere in your PC and create a shortcut on the desktop. When the PPP connects, double click on the shortcut will add the route accordingly.
Note: you will need to modify the line in bold for your environment.