Sending additional routes to clients of the VPN server automatically

When you use segments, or when clients need to access remote networks connected through an IPSec tunnel, you may need to send additional routing information to clients connected to the VPN server.

TIP: The following configuration may not be necessary if the client uses the connection to the server as its primary Internet connection, because the default route then already works over that connection.

To send a route to clients of the VPN server on a Keenetic device, use the special dhcp route command. This command also lets you send clients routes to other network objects on the server side (in the DHCP INFORM option). Execute the commands in this article in the router's command-line interface (CLI).


Let's assume that a route to the 192.168.10.0 network (mask 255.255.255.0, i.e. a /24 prefix) needs to be sent to the clients.

  • For an SSTP VPN server, the command has the format sstp-server dhcp route ‹address› ‹mask›. For our example, we will need to enter the commands:
sstp-server dhcp route 192.168.10.0/24
system configuration save


To disable the setting, we must enter the same command, prefixed with no.

no sstp-server dhcp route 192.168.10.0/24
system configuration save

 

  • Similarly, for a PPTP VPN server, the command has the format vpn-server dhcp route ‹address› ‹mask›. We need to enter:
vpn-server dhcp route 192.168.10.0/24
system configuration save


Disabling:

no vpn-server dhcp route 192.168.10.0/24
system configuration save

 

  • For an L2TP/IPSec VPN server, the command would have the format crypto map VPNL2TPServer l2tp-server dhcp route ‹address› ‹mask›. Example commands:
crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24
system configuration save


To disable the setting, the command is as follows:

no crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.0/24
system configuration save

 

  • For an IKEv2 server, the command would have the format crypto map VirtualIPServerIKE2 virtual-ip dhcp route {network}. Example commands:
crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.112.0/24
system configuration save

 

  • For an IPsec (Virtual IP) server, the command would have the format crypto map VirtualIPServer virtual-ip dhcp route {network}. Example commands:
crypto map VirtualIPServer virtual-ip dhcp route 192.168.112.0/24
system configuration save

 

To disable the above settings, use the no prefix at the beginning of the main command line. For example:

no crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.112.0/24
system configuration save
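
Every route pushed this way makes another server-side network reachable from VPN clients, so it helps to review a change before entering it. The following Python code is an added example, not Keenetic's own: it replays a change script written in the command forms shown in this article, honours the no prefix, and reports which networks each VPN server would push, flagging arguments that are not valid network addresses and routes broader than a chosen prefix length. The sample script, the audit function and the MIN_PREFIX threshold of /16 are assumptions made for illustration.

```python
import ipaddress

# Command prefixes as given in the article, mapped to a short server label.
PREFIXES = {
    "sstp-server dhcp route": "SSTP",
    "vpn-server dhcp route": "PPTP",
    "crypto map VPNL2TPServer l2tp-server dhcp route": "L2TP/IPSec",
    "crypto map VirtualIPServerIKE2 virtual-ip dhcp route": "IKEv2",
    "crypto map VirtualIPServer virtual-ip dhcp route": "IPsec (Virtual IP)",
}
MIN_PREFIX = 16  # assumed review threshold, not a Keenetic limit
# Constructed sample change script (not taken from a real device).
SAMPLE = """\
sstp-server dhcp route 192.168.10.0/24
vpn-server dhcp route 192.168.10.0 255.255.255.0
crypto map VirtualIPServerIKE2 virtual-ip dhcp route 192.168.112.0/24
crypto map VirtualIPServerIKE2 virtual-ip dhcp route 10.0.0.0/8
crypto map VPNL2TPServer l2tp-server dhcp route 192.168.10.5/24
no sstp-server dhcp route 192.168.10.0/24
system configuration save
"""

def audit(script):
    """Replay CLI lines; return (routes pushed per server, findings)."""
    routes = {label: set() for label in PREFIXES.values()}
    findings = []
    for raw in script.splitlines():
        line = " ".join(raw.split())
        negate = line.startswith("no ")
        line = line[3:] if negate else line
        match = [p for p in PREFIXES if line.startswith(p + " ")]
        if not match:
            continue  # e.g. "system configuration save"
        label = PREFIXES[match[0]]
        arg = "/".join(line[len(match[0]):].split())  # "net/len" or "address mask"
        try:
            net = ipaddress.ip_network(arg, strict=True)  # rejects host bits
        except ValueError:
            findings.append(f"{label}: {arg} is not a valid network")
            continue
        if negate:
            routes[label].discard(net)
        else:
            routes[label].add(net)
            if net.prefixlen < MIN_PREFIX:
                findings.append(f"{label}: {net} is broader than /{MIN_PREFIX}")
    return routes, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
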

 

For more information, see the Command Reference Guides.

 
