
Including Routing Table Updates

Updated: April 8, 2009

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2012, Windows Vista

You can alter client routing tables with your connection profile in order to better manage your network traffic and security. You can include a routing table update file in the connection profile, provide a URL to an update file hosted on a server, or both. You can choose to undo any routing changes you made when the connection ends.

Routing table update files are plain-text files that you can create and edit in any plain-text editor, such as Notepad. The files you create or edit modify the routes on client computers. You can manage significant network security requirements by including update files in your connection profile. The benefits include the ability to:

  • Control user access to a corporate intranet

  • Route all users through the same remote access server

  • Redirect Internet traffic for VPN connections without using a proxy server

You can provide update files for use in a connection profile in one of three ways:

  • Include a file with the connection profile package (static)

  • Include a URL to a file with the connection profile and host the file on a Web server (dynamic)

  • Include a static file with the connection profile and include a URL to an additional file

You can distribute an update file by including it with a connection profile. When the user installs the profile, the file is installed in the same directory as the profile. You should consider two factors when designing a profile using this method of distribution. The routes in the file on the client computer are not secure, and you must create and distribute another profile if you want to update the file.

Important
If the user is not logged on with administrative credentials for the client computer, routing table updates are not applied. The user is still able to connect using your connection profile, but the routes on the client computer are not updated.

Important
The user cannot connect if the client computer cannot find the routing table update file you include in a connection profile.

Important
You should not change the value of the Gateway_On_Remote key when using routing table updates. By default, the dial-up entry and the VPN entry have Make this connection the default gateway selected. Leave this default in place, and remove any gateways by using the REMOVE_GATEWAY command in the routing table update file itself.

You can provide a URL to an update file hosted on a Web server. The file is downloaded every time the user completes the connection. The user cannot easily review any file you distribute in this way. You can also update that file at any time.

If you provide a URL to an update file hosted on a Web server, you must make two additional decisions. The first is whether to terminate the connection if the server is unreachable. The second is whether to delete the default gateway on the client computer.

You can provide an update file with the connection profile and a URL to an additional update file. This approach allows more flexibility in your design. You can add or delete routes as necessary to the hosted file, but you cannot change the file included with the connection profile without recreating and redistributing the profile. You still need to decide whether to terminate the connection if the Web server is unreachable and whether to delete the default gateway on the client computer.

Routing table update files are constructed as plain-text files. Each line in those files adds or deletes a route. The syntax of each line is as follows:

Command Destination MASK Netmask Gateway METRIC Metric IF Interface

Certain parameters can contain the value of default. In those cases, the appropriate information from the client computer is used. The table below provides more information on each parameter:

 

| Parameter | Description |
| --- | --- |
| Command | Commands are one of the following: ADD adds a route. DELETE deletes a route. REMOVE_GATEWAY removes the default gateway. |
| Destination | Specifies the destination IP address on the target network. |
| MASK | Specifies that the next parameter is the netmask value. |
| Gateway | Specifies the gateway. Should contain the value of default. |
| METRIC | Specifies that the next parameter is the cost for the destination. Should contain the value of default. The METRIC parameter is optional, and its default value is 1. |
| IF | Specifies that the next parameter is the interface number. Should almost always contain the value of default. |
Therefore, if you want the connection to follow a different route, you could include a line in your update file similar to the following example:

ADD 192.168.123.231 MASK 255.255.255.0 default METRIC default IF default

To delete a route, you could include a line in your update file similar to the following example:

DELETE 192.168.123.232 MASK 255.255.255.0 default METRIC default IF default

Important
If your update file includes a delete command for a non-existent route, the connection will fail.

To remove the default gateway, you can add the following line to the update file:

REMOVE_GATEWAY

Unlike adding or removing a route, no further syntax is required after the REMOVE_GATEWAY command.

During the connection process, update files are applied in a specific sequence. You should keep this sequence in mind when you design your profile.

  1. All update files are retrieved.

  2. If you provide an update file with the connection profile (static file), routing information from that file is applied to the client computer first.

  3. If you provide a URL to an update file, routing information from that file is applied to the client computer after the static file. The downloaded file is then immediately deleted.

  4. If you included the REMOVE_GATEWAY command in either update file, this command is executed after all other routes have been applied.

Because of this order of precedence, a dynamic file could add routes, replace routes specified in the static file included with the connection profile, or both.

If you use the default interface value, the routing changes you specify are reversed when the user disconnects.
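A pre-deployment check for update files, as an added example (not Microsoft's code and not part of Connection Manager): it parses lines in the syntax shown earlier and replays the sequence described above against a constructed client routing table, so that a DELETE that would fail the connection is caught before the file is distributed or hosted. The names parse, apply_updates and ConnectionFails, the sample data, and matching keywords exactly as written on this page are assumptions of this example.

```python
import ipaddress

class ConnectionFails(Exception):
    """Raised where the page says the connection will fail."""

def parse(text):
    """Yield (command, destination, netmask) for each non-blank line."""
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok:
            continue
        if tok == ["REMOVE_GATEWAY"]:
            yield ("REMOVE_GATEWAY", None, None)
            continue
        if tok[0] not in ("ADD", "DELETE") or len(tok) < 5 or tok[2] != "MASK":
            raise ValueError(f"line {n}: expected 'Command Destination MASK Netmask Gateway'")
        dest = ipaddress.IPv4Address(tok[1])  # rejects a malformed address
        mask = ipaddress.IPv4Network(f"0.0.0.0/{tok[3]}").netmask  # rejects a malformed mask
        if str(mask) != tok[3]:
            raise ValueError(f"line {n}: {tok[3]} is not a netmask")
        yield (tok[0], str(dest), str(mask))

def apply_updates(client_routes, static_text="", dynamic_text=""):
    """Replay the documented sequence; return (routes, default_gateway_kept)."""
    routes = dict(client_routes)  # (destination, netmask) -> where the route came from
    remove_gateway = False
    for origin, text in (("static", static_text), ("dynamic", dynamic_text)):
        for cmd, dest, mask in parse(text):
            if cmd == "REMOVE_GATEWAY":
                remove_gateway = True  # deferred until every route is applied
            elif cmd == "ADD":
                routes[(dest, mask)] = origin  # a later file replaces an earlier entry
            elif (dest, mask) not in routes:
                raise ConnectionFails(f"{origin} file deletes non-existent route {dest}")
            else:
                del routes[(dest, mask)]
    return routes, not remove_gateway

# Constructed sample data built from the example lines on this page.
TAIL = "MASK 255.255.255.0 default METRIC default IF default"
CLIENT_ROUTES = {("192.168.123.232", "255.255.255.0"): "client"}
STATIC_FILE = f"ADD 192.168.123.231 {TAIL}\nREMOVE_GATEWAY\n"
DYNAMIC_FILE = f"ADD 192.168.123.231 {TAIL}\nDELETE 192.168.123.232 {TAIL}\n"

if __name__ == "__main__":
    print(apply_updates(CLIENT_ROUTES, STATIC_FILE, DYNAMIC_FILE))
```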

© 2014 Microsoft