vpn problem

hi all!

my office has set up an MT box and pptp-in for incoming vpn connections. users (using win2k or winxp) can connect to the MT box.

but if users configure the vpn connection to use the remote computer as default gateway, they can access the office internal network, but they cannot access the internet any more.

if users configure the vpn connection not to use the remote computer as default gateway, they can access the internet as normal, but they cannot access the office internal network anymore.

any suggestion so that after users dial up the vpn, they can access the internet as well as the office internal network?

thx a lot for hints.

What about users proxy server configuration?

sorry, i am afraid i cannot get your meaning. would you please tell me more about “proxy server configuration”?

thx in advance

You wrote that users could not access internet. What do you mean by this exactly? They cannot browse web pages?
What happens if you try to ping or tracert some internet server from a client that is connected to the VPN and uses the default gateway?

in case i set up the user vpn connection with use default gateway on remote computer (MT box), the user can ping the internal network, but cannot ping other internet servers.
if i set snat on the MT box for the vpn user, the user can ping both internal computers as well as other internet servers, but all the connections of the user (including both to the internal network and the internet) will go via the MT box, which i don’t want.

i only want: after a user connects to the MT box via vpn, if they access the internal network, go via the MT box gateway; if they access the internet, go via their isp gateway.

how could i do it?

thx!


This would be a client side configuration. What VPN client are you using? Windows built-in, or third party?

On the client when connected to the VPN, open a CMD prompt, and run “route print”. Your default route should not change when connected to the VPN, and there should be additional routes for the remote network you are connected to via the VPN.

If the default route has changed go into your VPN client and remove the option that sets the remote gateway as the default gateway for the client.

In the Windows XP built-in VPN client:

right click go to properties
select the “Networking” tab
select “Internet Protocol TCP/IP” and click properties
click the “Advanced” button
uncheck the box that says “Use default gateway on remote network”

After you do that the VPN client should just make a route to the remote network and leave your default gateway unchanged.

Hope that helps!

Yes, this is what i asked. if i uncheck “Use default gateway on remote network”, “c:\route print” shows that the default gateway does not change, the user can access the internet but cannot access the office internal network.

on the opposite side, if i check “Use default gateway on remote network”, “c:\route print” shows that the default gateway changes to the vpn ip, the user can access the office internal network but cannot access the internet.

i know that if i uncheck “Use default gateway on remote network” in the user vpn advanced settings, then “c:\route add 192.168.0.0 mask 255.255.255.0 192.168.1.1” (192.168.0.0 is my office internal network, 192.168.1.1 is the user vpn ip) could do exactly what i want — when the user accesses the office internal network, go via 192.168.1.1, if the user accesses the internet, go via his isp gateway, but it is trouble. any easier way to do what i want?

thx

Your problem is that you’re allocating a vpn IP address that isn’t on your office network. The client has no way of knowing about your office network and unless you tell it to send all traffic to the remote end (the “Use default gateway on remote network” checkbox) it won’t talk to the office network.

The solution is to change the range of IP addresses that you’re allocating to your vpn clients so that it’s part of your office network.

Regards

Andrew
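
The route selection discussed in this thread, as an added example that is not part of any post above: a small Python model of the client's routing table under the four configurations mentioned (remote default gateway, checkbox unchecked, manual static route, VPN pool moved into the office subnet). The ISP route metric, the two probe hosts and the pool address 192.168.0.200 are constructed, and the model assumes the Windows client adds a class-based route for the network of its assigned VPN address.

```python
import ipaddress

OFFICE_HOST = "192.168.0.10"    # constructed host on the thread's office LAN 192.168.0.0/24
INTERNET_HOST = "203.0.113.5"   # constructed host (documentation address range)

def classful_net(ip):
    """Class A/B/C network of an address (assumed class-based route added for the VPN IP)."""
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def client_table(vpn_ip, use_remote_gateway, static=()):
    """Build the modelled client routing table as (network, metric, interface) tuples."""
    routes = [("0.0.0.0/0", 20, "isp"),            # client's own ISP default route
              (classful_net(vpn_ip), 1, "vpn")]    # class-based route for the VPN address
    if use_remote_gateway:
        routes.append(("0.0.0.0/0", 1, "vpn"))     # lower metric beats the ISP default
    routes += [(net, 1, "vpn") for net in static]  # manual "route add" entries
    return [(ipaddress.ip_network(n), m, i) for n, m, i in routes]

def lookup(table, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, -metric, iface) for net, metric, iface in table if dst in net]
    return max(hits)[2]

def paths(table):
    """Interface used for (office host, internet host)."""
    return lookup(table, OFFICE_HOST), lookup(table, INTERNET_HOST)

SCENARIOS = {
    "remote gateway checked":         client_table("192.168.1.1", True),
    "unchecked, pool 192.168.1.x":    client_table("192.168.1.1", False),
    "unchecked + static route":       client_table("192.168.1.1", False, ["192.168.0.0/24"]),
    "unchecked, pool in office /24":  client_table("192.168.0.200", False),
}

if __name__ == "__main__":
    for name, table in SCENARIOS.items():
        office, internet = paths(table)
        print(f"{name:32} office via {office:3}  internet via {internet}")
```

The last two rows are split tunnelling: office traffic takes the tunnel while the client's internet traffic bypasses the office gateway, and with it any filtering or logging done there.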