Skip to main content

User Manual

Sending additional routes to VPN server clients automatically

When utilizing segments or when clients need to access remote networks connected through a VPN tunnel, you may be required to send additional routing information to clients connected to the VPN server.

Tip

The following configuration may not be necessary if the client uses the connection to the server as its primary Internet connection, and thus, the default route already works over that connection.

To send a route to the VPN server client on the Keenetic device, you can use a special dhcp route command. This command also allows you to send routes to other network objects on the server side to the clients (in the DHCP INFORM option). The commands mentioned in this article should be executed in the router's command-line interface (CLI).

Let's assume that a route to the 192.168.10.0 network (with mask 255.255.255.0, i.e. /24 bit) is required to be sent to the clients.

For an SSTP VPN server, the command has the format sstp-server dhcp route ‹address› ‹mask›. For example:

sstp-server dhcp route 192.168.10.0/24
system configuration save

To disable the setting, we must enter the same command, prefixed with no.

no sstp-server dhcp route 192.168.10.0/24
system configuration save

Similarly, for a PPTP VPN server, the command has the format vpn-server dhcp route ‹address› ‹mask›. We need to enter:

vpn-server dhcp route 192.168.10.0/24
system configuration save

Disabling:

no vpn-server dhcp route 192.168.10.0/24
system configuration save

For an L2TP/IPSec VPN server, the command would have the format crypto map VPNL2TPServer l2tp-server dhcp route ‹address› ‹mask›. For example:

crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24
system configuration save

To disable the setting, the command is as follows:

no crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24
system configuration save

For an IKEv2 server, the command would have the format crypto map VirtualIPServerIKE2 virtual-ip dhcp route {network}. For example:

crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.10.0/24
system configuration save

For an IKEv1 server, the command would have the format crypto map VirtualIPServer virtual-ip dhcp route {network}. For example:

crypto map VirtualIPServer virtual-ip dhcp route 192.168.10.0/24
system configuration save

To disable the above settings, use the no prefix at the beginning of the main command line. For example:

no crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.10.0/24
system configuration save

For more information, see Command Reference Guides in the Download Center.

In this section: