Using Routing Tables With SoftEther

[dajhorn]

Assuming that the "Home" network is the Internet connection, the `route add` is incorrect.

Routes to the proxy host must go through the TAP interface created by the SoftEther client.

[sdack]

I use a batch script for Windows to change the routing table. It looks like this:

@echo off
set GW=192.168.0.1
set VPNGW=10.211.254.254

route DELETE 0.0.0.0 MASK 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 %GW% METRIC 1000
route ADD 0.0.0.0 MASK 0.0.0.0 %VPNGW% METRIC 1001

route DELETE 54.208.0.0 MASK 255.255.0.0
route ADD 54.208.0.0 MASK 255.255.0.0 %VPNGW% METRIC 1

route DELETE 206.82.0.0 MASK 255.255.0.0
route ADD 206.82.0.0 MASK 255.255.0.0 %VPNGW% METRIC 1

route DELETE 211.43.0.0 MASK 255.255.0.0
route ADD 211.43.0.0 MASK 255.255.0.0 %VPNGW% METRIC 1

...

What it does is to remove the default route (0.0.0.0) and then adds the two gateways for the default route, but with different metrics. Then follow several networks with a metric of 1 that are to be accessed over the VPN connection.

The lower the metric value the higher the priority of the route. In this example will most traffic still go over my default gateway 192.168.0.1 and only the traffic to 54.208.0.0, 206.82.0.0 and 211.43.0.0 gets routed over the VPN connection. The VPN connection is never used as a default route even when I have added it here. I do this to avoid SoftEther from adding it with a low metric, which I do not want here. So I set it here with a metric of 1001.

Hope this help.

[dajhorn]

> The lower the metric the higher the priority of the route.

This is a correct assumption in theory, but Windows routing doesn't work like that in practice.


> In this example will most traffic still go over my default gateway...

Nope, this script is almost certainly broken. Refer to the Windows routing documentation.

The best and easiest solution for Microsoft Windows clients is to set "static classless" routes through a DHCP server or a domain GPO.

Alternatively, you can get the desired result at the console without changing the default route, probably with one "route add" for each remote network.

Also ensure that all persistent routes are removed. This computer could have a messy network configuration because the -p switch was used earlier.

I have this non-trivial configuration on my Windows 8 computer. You want something like the 192.168.68.0 route here, which goes through SoftEther. Notice how the default gateway has the lowest metric.


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.138 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.138 266
192.168.1.138 255.255.255.255 On-link 192.168.1.138 266
192.168.1.255 255.255.255.255 On-link 192.168.1.138 266
192.168.68.0 255.255.255.0 192.168.1.136 192.168.1.138 11
192.168.113.0 255.255.255.0 On-link 192.168.113.1 276
192.168.113.1 255.255.255.255 On-link 192.168.113.1 276
192.168.113.255 255.255.255.255 On-link 192.168.113.1 276
192.168.203.0 255.255.255.0 On-link 192.168.203.1 276
192.168.203.1 255.255.255.255 On-link 192.168.203.1 276
192.168.203.255 255.255.255.255 On-link 192.168.203.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.138 266
224.0.0.0 240.0.0.0 On-link 192.168.113.1 276
224.0.0.0 240.0.0.0 On-link 192.168.203.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.138 266
255.255.255.255 255.255.255.255 On-link 192.168.113.1 276
255.255.255.255 255.255.255.255 On-link 192.168.203.1 276
===========================================================================
Persistent Routes:
None

[sdack]

dajhorn wrote:
> > The lower the metric the higher the priority of the route.
>
> This is a correct assumption in theory, but Windows routing doesn't work like that in
> practice.
>
>
> > In this example will most traffic still go over my default gateway...
>
> Nope, this script is almost certainly broken. Refer to the Windows routing
> documentation.

I was not arguing. I am using the script. Thank you.

[dajhorn]

> I was not arguing. I am using the script. Thank you.

Neither am I, and I'm glad that it works for you, but other people doing web searches for this kind of problem should know that this is a poor solution.

Per usual, the SoftEther documentation describes generally good solutions.

[sdack]

dajhorn wrote:
> > I was not arguing. I am using the script. Thank you.
>
> Neither am I ...

Yes, you are. Learn the difference. Shut up now.

[dajhorn]

> Yes, you are. Learn the difference. Shut up now.

Nah, I'm way too stubborn for that. I'm sorry that your feelings are hurt; students are usually more grateful when I help them with school assignments.

[sdack]

dajhorn wrote:
> > Yes, you are. Learn the difference. Shut up now.
>
> Nah, I'm way too stubborn for that. I'm sorry that your feelings are hurt; students
> are usually more grateful when I help them with school assignments.

My feeling are not hurt either. Just stop.