Hey There,
I'm trying to configure windows PPTP clients to receive routes to private subnets (other than the DMZ they are dialing into) without using the PPTP link as the default gateway. I'm close to moving to IPSec instead, but there are other obstacles to overcome before I make that call. I have various clients including Windows, Mac and iPads/iPhones, that need to be able to PPTP into a DMZ but also get routes for other private subnets through the PPTP link. The various 'solutions' I've tried include:
- On Windows clients adding routes once the VPN is up
- Using DHCP option 33 to deliver host routes
- Using DHCP option 249 to deliver network routes
- And of course, using the default gateway option within the Windows PPTP client
The default gateway option is a no go, as people want to browse the Internet on their local routers without saturating the HQ link while doing so. The script to add the routes post link up is too falable in my opinion. The only access that is given once connected, is to web server front ends, Citrix, custom apps, etc... so having clients on both their local Internet and the private network at the same time is not a big deal, firewalling keeps things at bay.
What I'm trying to acheive now, is getting DHCP option 249 (or 33 as a last resort) working down the PPP initiation. Those options work fine on the LAN, but I cannot figure out, and I'm failing to find anything on the web (which tells me this is a bad idea) about how to do this.
If anyone can provide assistance it would be greatly appreciated. In the meantime I might just start prep'ing for an IPSec implementation (more issues to solve with that one), but if this cannot be done, I would really like to know whay.
Cheers
