Including routing table updates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can alter client routing tables with your service profile in order to better manage your network traffic and security. You can include a routing table update file in the service profile, provide a URL to an update file hosted on a server, or both. You can choose to undo any routing changes you made when the connection ends.

Advantages of including routing table update files

Routing table update files are plain-text files that you can create and edit in any plain-text editor, such as Notepad. The files you create or edit modify the routes on client computers. You can manage significant network security requirements by including update files in your service profile. The benefits include the ability to:

  • Control user access to a corporate intranet

  • Route all users through the same remote access server

  • Redirect Internet traffic for VPN connections without using a proxy server

Distribution channels

You can provide update files for use in a service profile in one of three ways:

  • Include a file with the service profile package (static)

  • Include a URL to a file with the service profile and host the file on a Web server (dynamic)

  • Include a static file with the service profile and include a URL to an additional file

You can distribute an update file by including it with a service profile. When the user installs the profile, the file is installed in the same directory as the profile. You should consider two factors when designing a profile using this method of distribution. First, the routes in the file on the client computer are not secure, because the file is stored as plain text in the profile directory. Second, you must create and distribute another profile if you want to update the file.

Important

  • If the user has not logged on with administrative credentials for the client computer, routing table updates will not be applied. The user will still be able to connect using your service profile, but the routes on the client computer will not be updated.

  • The user will not be able to connect if the client computer cannot find a routing table update file you included in a service profile.

  • You should not change the value of the Gateway_On_Remote key when using routing table updates. By default, the dial-up entry and the VPN entry will have Make this connection the default gateway selected. You should leave this default in place, and remove any gateways by using the REMOVE_GATEWAY command in the routing table update file itself.

You can provide a URL to an update file hosted on a Web server. The file is downloaded every time the user completes the connection. The user cannot easily review any file you distribute in this way. You can also update that file at any time.

If you provide a URL to an update file hosted on a Web server, you must make two additional decisions. The first is whether to terminate the connection if the server is unreachable. The second is whether to delete the default gateway on the client computer.

You can provide an update file with the service profile and a URL to an additional update file. This approach allows more flexibility in your design. You can add routes to or delete routes from the hosted file as necessary, but you cannot change the file included with the service profile without recreating and redistributing the profile. You still need to decide whether to terminate the connection if the Web server is unreachable and whether to delete the default gateway on the client computer.

Syntax of routing table update files

Routing table update files are constructed as plain-text files. Each line in those files adds or deletes a route. The syntax of each line is as follows:

Command Destination MASK Netmask Gateway METRIC Metric IF Interface

Certain parameters can contain the value of default. In those cases, the appropriate information from the client computer is used. The table below provides more information on each parameter:

| Parameter | Description |
| --- | --- |
| Command | One of the following commands: ADD adds a route; DELETE deletes a route; REMOVE_GATEWAY removes the default gateway. |
| Destination | Specifies the destination IP address on the target network. |
| MASK | Specifies that the next parameter is the netmask value. |
| Gateway | Specifies the gateway. Should contain the value of default. |
| METRIC | Specifies that the next parameter is the cost for the destination. Should contain the value of default. The METRIC parameter is optional, and its default value is 1. |
| IF | Specifies that the next parameter is the interface number. Should almost always contain the value of default. |

Therefore, if you want the connection to follow a different route, you could include a line in your update file similar to the following example:

ADD 192.168.123.231 MASK 255.255.255.0 default METRIC default IF default

To delete a route, you could include a line in your update file similar to the following example:

DELETE 192.168.123.232 MASK 255.255.255.0 default METRIC default IF default

Important

  • If your update file includes a delete command for a non-existent route, the connection will fail.

To remove the default gateway, you can add the following line to the update file:

REMOVE_GATEWAY

Unlike adding or removing a route, no further syntax is required after the REMOVE_GATEWAY command.

Routing table precedence

During the connection process, update files are applied in a specific sequence. You should keep this sequence in mind when you design your profile.

  1. All update files are retrieved.

  2. If you provide an update file with the service profile (static file), routing information from that file is applied to the client computer first.

  3. If you provide a URL to an update file, routing information from that file is applied to the client computer after the static file. The downloaded file is then immediately deleted.

  4. If you included the REMOVE_GATEWAY command in either update file, this command is executed after all other routes have been applied.

Because of this order of precedence, a dynamic file could add routes, replace routes specified in the static file included with the service profile, or both.

If you use the default interface value, the routing changes you specify are reversed when the user disconnects.
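
The following added example (not part of the original documentation) is a pre-deployment check written in Python. It parses update-file lines using the syntax described above and applies a static and a dynamic file in the documented order, reporting syntax errors and any DELETE of a route that does not exist. The function names, the sample files, and the modelling of a route as a (destination, netmask) pair are assumptions made for illustration.

```python
import ipaddress

def parse_line(line):
    """Return (command, (destination, netmask) or None) for one update-file line."""
    tok = line.split()
    cmd = tok[0].upper()
    if cmd == "REMOVE_GATEWAY" and len(tok) == 1:
        return cmd, None
    if cmd not in ("ADD", "DELETE") or len(tok) < 5 or tok[2].upper() != "MASK":
        raise ValueError(f"bad syntax: {line!r}")
    ipaddress.IPv4Address(tok[1])               # destination must parse as IPv4
    ipaddress.IPv4Network(f"0.0.0.0/{tok[3]}")  # netmask must be a valid mask
    rest = [t.upper() for t in tok[5:]]         # trailing METRIC <n> / IF <n> pairs
    if len(rest) % 2 or set(rest[0::2]) - {"METRIC", "IF"}:
        raise ValueError(f"bad trailing parameters: {line!r}")
    return cmd, (tok[1], tok[3])

def simulate(static_text, dynamic_text, existing_routes=()):
    """Apply static then dynamic file; assumption: routes keyed by (dest, mask)."""
    routes, problems, remove_gw = set(existing_routes), [], False
    for name, text in (("static", static_text), ("dynamic", dynamic_text)):
        for n, line in enumerate(text.splitlines(), 1):
            if not line.strip():
                continue
            try:
                cmd, route = parse_line(line)
            except ValueError as exc:
                problems.append(f"{name}:{n}: {exc}")
                continue
            if cmd == "REMOVE_GATEWAY":
                remove_gw = True  # deferred until every route has been applied
            elif cmd == "ADD":
                routes.add(route)
            elif route in routes:
                routes.remove(route)
            else:  # the page warns that this makes the connection fail
                problems.append(f"{name}:{n}: DELETE of non-existent route {route[0]}")
    return routes, remove_gw, problems

# Constructed sample files, not taken from a real profile.
STATIC = "ADD 192.168.123.231 MASK 255.255.255.0 default METRIC default IF default\nREMOVE_GATEWAY\n"
DYNAMIC = ("DELETE 192.168.123.231 MASK 255.255.255.0 default METRIC default IF default\n"
           "DELETE 192.168.123.232 MASK 255.255.255.0 default METRIC default IF default\n"
           "ADD 10.0.0.0 MASK 255.0.255.0 default\n")

if __name__ == "__main__":
    routes, remove_gw, problems = simulate(STATIC, DYNAMIC)
    print(routes, remove_gw, *problems, sep="\n")
```

Pass the routes already present on a reference client as existing_routes so that DELETE lines targeting them are not reported.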