Windows PowerShell script for adding IP routes across a VPN
At my office we use a Microsoft ISA server for our firewall/VPN server. We have three discrete IP subnets within our private network: 192.168.5.0/24, 192.168.6.0/24, and 192.168.7.0/24. When I establish a VPN connection from the external network I get an IP address on the 192.168.6.0/24 network.
I have my VPN connection set up to not use the default gateway on the remote network. This prevents all of my internet traffic from being routed over the VPN while I am connected to it. The problem is that if I need to access a resource on the 192.168.5.0/24 or 192.168.7.0/24 networks, I have to manually add routes to them across the VPN.
The process was:
- Find out what IP I was assigned on the VPN
- Add an IP route to 192.168.5.0/24
- Add an IP route to 192.168.7.0/24
If I was always assigned the same IP address on the VPN, I could have just put the commands in a batch file, but the IP address is dynamically assigned from a DHCP server and is always different than it was the last time. So this is what I used to do:

That is a lot of typing! I’d been meaning to play around with Windows PowerShell anyhow, and decided to write a script to automate this task in PowerShell. This is what I came up with:
# vpn.ps1
#
# Add IP routes across a VPN via a DHCP assigned IP address
#
# Get the IP address of the VPN connection
$vpnip = ipconfig | findstr "192.168.6."
# If we don't have an IP address on the VPN, error and quit
if (!$vpnip) {
    "You do not have an IP address on the VPN"
    exit
}
# Trim any leading/trailing whitespace
$vpnip = $vpnip.Trim()
# Split the contents of $vpnip in to an array
$vpnip = $vpnip.Split(" ")
# Find out the depth of our IP address in the array
$bit = $vpnip.Length - 1
# Get out just our IP address on the VPN
$vpnip = $vpnip[$bit]
# Add whatever routes we need
route add 192.168.5.0 MASK 255.255.255.0 $vpnip
route add 192.168.7.0 MASK 255.255.255.0 $vpnip
I save the script as vpn.ps1 and put it in the “scripts” directory under my profile directory. Then I put a shortcut on my desktop to powershell.exe C:\Users\chillman\scripts\vpn.ps1. Now I just connect to the VPN, launch my shortcut, and I’m ready to go. Hopefully this will be useful to someone.
on January 13th, 2009 at 12:40 am
Great article. Just what I was looking for.
on May 7th, 2009 at 9:23 pm
Hi mate,
Any idea how to automatically execute that script after a connection has been established to the VPN?
on March 9th, 2010 at 8:33 am
Hi.
Here is a ps1 script that takes the interface name, the IP to route and the IP mask, and routes an IP through an interface. It can be a VPN or a normal network card. It utilizes route.exe for route adding and .NET for NIC IP determination. It also deletes a route.
param(
    [string] $InterfaceName = "Grupo Visabeira",
    [string] $IP2Route = "192.168.3.138",
    [string] $IPMask = "255.255.255.255",
    [switch] $Delete)
#$delete = $true
if ($Delete) {
    # Remove the route and report what route.exe said
    $local:res = route delete $IP2Route
    if ($local:res -match 'OK!') { "Route $IP2Route Deleted" }
    else { "Error Deleting ${IP2Route}: $local:res" }
} else {
    [reflection.assembly]::LoadWithPartialName("System.Net") | Out-Null
    # Look the adapter up by its connection name
    $local:nic = [system.net.networkinformation.networkinterface]::GetAllNetworkInterfaces() | Where-Object { $_.Name -eq $InterfaceName }
    if ($local:nic.OperationalStatus -eq 'Up') {
        # IPv4 address currently assigned to that adapter
        $local:interfaceIP = ($local:nic.GetIPProperties().UnicastAddresses | Where-Object { $_.IPv4Mask -ne '0.0.0.0' }).Address.IPAddressToString
        if ($local:interfaceIP) {
            $local:res = route add $IP2Route MASK $IPMask $local:interfaceIP
            if ($local:res -match 'OK!') { "Interface [$InterfaceName] Connected and Route $IP2Route Added" }
            else { "Error Adding $IP2Route in Interface $InterfaceName : $local:res" }
        }
    } else { "Network Interface [$InterfaceName] Not Connected" }
}
on October 6th, 2010 at 4:21 pm
[…] So I thought to myself that there should be a better way to do this. With some basic Googling I quickly came up with an elegant solution. The first step towards the solution was a piece found on this blog. The blog describes the very same problem that I was facing and provides a simple PowerShell script that handles the routes. This PowerShell script, although it does what is needed efficiently, didn’t completely satisfy me. […]
on October 8th, 2010 at 3:34 pm
If the user has the check box under:
right click on vpn
click properties
click networking tab
highlight tcp/ip
click properties
click advanced
and buried here you find a check box which adds their pptp as a gateway
This causes the script to return 2 answers when findstr for the IP.
This breaks the script badly. Instead of the proposed line, use the following and modify the IP to what you require. This filters it down to one result, making the script work ALWAYS.
ipconfig | findstr /c:"IP Address. . . . . . . . . . . . : 10.3.1."
enjoy.
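The address-parsing step of vpn.ps1 and the two-match failure described in the last comment, as an added example (not the original author's or any commenter's code): it accepts only a line labelled as an interface address, requires exactly one match, and validates the value before it is handed to route.exe. The function name Get-VpnAddress and the sample ipconfig text are constructed for illustration, and English-language ipconfig labels are assumed.

```powershell
# Added example, not part of the original post. Get-VpnAddress is a hypothetical name.
function Get-VpnAddress {
    param(
        [string[]] $IpconfigLines,          # ipconfig output, one line per element
        [string]   $Prefix = '192.168.6.'   # VPN client subnet used in the post
    )
    # Accept only lines labelled as an interface address, never gateway, DHCP
    # or DNS lines. Covers "IP Address" and the newer "IPv4 Address" label.
    $pattern = '^\s*IP(v4)? Address[ .]*:\s*(' + [regex]::Escape($Prefix) + '\d{1,3})\b'
    $found = @(foreach ($line in $IpconfigLines) {
        if ($line -match $pattern) { $Matches[2] }
    })
    # Fail closed: zero matches means no VPN, several means ambiguous input
    if ($found.Count -ne 1) {
        throw "Expected exactly one address in $Prefix*, found $($found.Count)"
    }
    # Let .NET confirm the text is a well-formed IP address (rejects 192.168.6.999)
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($found[0], [ref] $parsed)) {
        throw "Not a valid IP address: $($found[0])"
    }
    $parsed.IPAddressToString
}

# Constructed sample: the VPN adapter is also its own default gateway, so a
# plain findstr "192.168.6." would return two lines.
$sample = @(
    'PPP adapter Office VPN:',
    '   IP Address. . . . . . . . . . . . : 192.168.6.23',
    '   Subnet Mask . . . . . . . . . . . : 255.255.255.255',
    '   Default Gateway . . . . . . . . . : 192.168.6.23'
)

# For live use, replace $sample with (ipconfig)
$vpnip = Get-VpnAddress -IpconfigLines $sample

foreach ($net in '192.168.5.0', '192.168.7.0') {
    # Printed rather than executed; remove the quotes to add the route for real
    "route add $net MASK 255.255.255.0 $vpnip"
}
```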