Sending additional routes to VPN server clients automatically
When utilizing segments or when clients need to access remote networks connected through a VPN tunnel, you may be required to send additional routing information to clients connected to the VPN server.
İpucu
The following configuration may not be necessary if the client uses the connection to the server as its primary Internet connection, and thus, the default route already works over that connection.
To send a route to the VPN server client on the Keenetic device, you can use a special dhcp route
command. This command also allows you to send routes to other network objects on the server side to the clients (in the DHCP INFORM option). The commands mentioned in this article should be executed in the router's command-line interface (CLI).
Let's assume that a route to the 192.168.10.0
network (with mask 255.255.255.0
, i.e. /24
bit) is required to be sent to the clients.
For an SSTP VPN server, the command has the format sstp-server dhcp route ‹address› ‹mask›
. For example:
sstp-server dhcp route 192.168.10.0/24 system configuration save
To disable the setting, we must enter the same command, prefixed with no
.
no sstp-server dhcp route 192.168.10.0/24 system configuration save
Similarly, for a PPTP VPN server, the command has the format vpn-server dhcp route ‹address› ‹mask›
. We need to enter:
vpn-server dhcp route 192.168.10.0/24 system configuration save
Disabling:
no vpn-server dhcp route 192.168.10.0/24 system configuration save
For an L2TP/IPSec VPN server, the command would have the format crypto map VPNL2TPServer l2tp-server dhcp route ‹address› ‹mask›
. For example:
crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24 system configuration save
To disable the setting, the command is as follows:
no crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24 system configuration save
For an IKEv2 server, the command would have the format crypto map VirtualIPServerIKE2 virtual-ip dhcp route {network}
. For example:
crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.10.0/24 system configuration save
For an IKEv1 server, the command would have the format crypto map VirtualIPServer virtual-ip dhcp route {network}
. For example:
crypto map VirtualIPServer virtual-ip dhcp route 192.168.10.0/24 system configuration save
To disable the above settings, use the no
prefix at the beginning of the main command line. For example:
no crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.10.0/24 system configuration save
For more information, see Command Reference Guides in the İndirme Merkezi.