我连接到的 VPN 不允许使用拆分隧道,基本上会重新路由我的互联网流量,速度很慢。此外,更重要的是,这也有效地将我的机器从本地 LAN 中移除。
我正在寻找一种方法来修改 Windows 7 上的路由表,以便像往常一样路由 Internet 流量和本地 LAN 连接,并将 VPN 流量限制到 10.0.53.0 网络,但虽然我知道如何删除路由和添加路由,但我不明白我到底需要重新路由什么。
我的网络如下所示:
- 192.168.192.0-我的本地局域网
- 192.168.192.1-我的路由器
- 192.168.192.2-我的电脑
- 10.0.53.0-VPN 网络
- 10.0.53.1-VPN 网关
这是我的未连接 VPN 时的路由(ipconfig + route print):
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::3449:3fc8:6133:b564%11
IPv4 Address. . . . . . . . . . . : 192.168.192.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.192.1
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:8fa:15c1:a65b:dce4
Link-local IPv6 Address . . . . . : fe80::8fa:15c1:a65b:dce4%14
Default Gateway . . . . . . . . . : ::
===========================================================================
Interface List
11...00 16 e6 dc 32 b6 ......Marvell Yukon 88E8052 PCI-E ASF Gigabit Ether
ontroller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.1 192.168.192.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.192.0 255.255.255.0 On-link 192.168.192.2 276
192.168.192.2 255.255.255.255 On-link 192.168.192.2 276
192.168.192.255 255.255.255.255 On-link 192.168.192.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.192.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.192.2 276
===========================================================================
Persistent Routes:
None
以下是 VPN 连接时的路由(ipconfig + route print):
Ethernet adapter Local Area Connection 5:
Connection-specific DNS Suffix . : emporion.hr
Link-local IPv6 Address . . . . . : fe80::e127:bf06:eff3:f18e%26
IPv4 Address. . . . . . . . . . . : 10.0.53.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.53.1
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::3449:3fc8:6133:b564%11
IPv4 Address. . . . . . . . . . . : 192.168.192.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.192.1
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:8fa:15c1:a65b:dce4
Link-local IPv6 Address . . . . . : fe80::8fa:15c1:a65b:dce4%14
Default Gateway . . . . . . . . . : ::
===========================================================================
Interface List
26...00 05 9a 3c 78 00 ......Cisco Systems VPN Adapter for 64-bit Windows
11...00 16 e6 dc 32 b6 ......Marvell Yukon 88E8052 PCI-E ASF Gigabit Ether
ontroller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.1 192.168.192.2 20
0.0.0.0 0.0.0.0 10.0.53.1 10.0.53.22 21
10.0.53.0 255.255.255.0 On-link 10.0.53.22 276
10.0.53.22 255.255.255.255 On-link 10.0.53.22 276
10.0.53.255 255.255.255.255 On-link 10.0.53.22 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.192.0 255.255.255.0 On-link 192.168.192.2 276
192.168.192.0 255.255.255.0 10.0.53.1 10.0.53.22 276
192.168.192.1 255.255.255.255 On-link 192.168.192.2 100
192.168.192.2 255.255.255.255 On-link 192.168.192.2 276
192.168.192.2 255.255.255.255 10.0.53.1 10.0.53.22 276
192.168.192.255 255.255.255.255 On-link 192.168.192.2 276
213.147.99.115 255.255.255.255 192.168.192.1 192.168.192.2 100
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.192.2 276
224.0.0.0 240.0.0.0 On-link 10.0.53.22 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.192.2 276
255.255.255.255 255.255.255.255 On-link 10.0.53.22 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.53.1 1
===========================================================================
答案1
您的问题与您使用的 vpn 客户端版本有关。如果是 cisco 客户端,cisco 已修复此问题,32 位版本为 5.0.07.0410-k9,64 位版本为 5.0.07.0440-k9。
其他情况你需要做以下事情:
- 删除所有静态添加的路由(网络或默认路由)
路由删除 0.0.0.0
将本地默认路由的度量更改为最佳“1”
路线添加-p 0.0.0.0 MASK 0.0.0.0 192.168.192.1 METRIC 1
确保您的 vpn 服务器(我认为这个 IP 是 213.147.99.115)可以通过本地网关访问
路线添加-p 213.147.99.115 MASK 255.255.255.255 192.168.192.1 METRIC 1
在“route print”的输出中,确保通过这条路由可以到达你的本地网络
192.168.192.0 255.255.255.0 链接中 192.168.192.2 276
192.168.192.0 255.255.255.0 10.0.53.1 10.0.53.22 276
和
路由更改 192.168.192.0 掩码 255.255.255.0 192.168.192.1 度量 1
- 当 vpn 连接时,将远程网络的网关更改为分配给您的 cisco vpn 客户端的 IP 地址 - 在您的 ipconfig 中它是 10.0.53.22 - 并将度量更改为 10(因为 < 276)以确保此路由有效。
路线改变10.0.53.0掩码255.255.255.0 10.0.53.22度量10
如果失败,请先删除该路线,然后使用“route ADD”重新添加
答案2
我刚刚做了这个。不是允许 vpn 使用默认网关,我可以通过 vpn 将所有流量传输到远程网络,其余的则通过我的路由器进行常规路由。
在 vpn“nic”上,网络->ipv4->属性->高级->ip-settings 删除“在远程网络中使用默认网关”中的勾选
(或者类似的东西,我的 Windows 8 是丹麦语)
答案3
您也可以使用 Powershell 启用拆分隧道。例如,在 Windows 10 中,“在远程使用默认网关”选项不可访问。
Set-VpnConnection -Name vpn-connection-name -SplitTunneling $true
答案4
- 删除所有指向
10.0.53.1网关的路由。 - 添加一条通过同一网关来
10.0.53.0掩码的路由。255.255.255.0