Where does Add-VpnConnectionRoute store its information

Consider the following PowerShell command:

Add-VpnConnectionRoute -ConnectionName "SomeConnection" -DestinationPrefix 10.0.0.0/16 -AllUserConnection

After executing this command, whenever the VPN SomeConnection is connected to, Windows will automatically add an IP route for 10.0.0.0/16, and will automatically remove the route upon disconnection.

I'm seeking some insight into how this works, and I would like to find out where this information is saved in Windows. In other words, where does Windows store the instruction that "When connecting to VPN SomeConnection, add a route for 10.0.0.0/16"?

Opening up the system phonebook in Notepad (C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk) I see lots of settings, but nowhere is the text 10.0.0.0. So it doesn't appear to be stored in there with the rest of the settings. This means it's either in some other system file, or somewhere in the registry.

Anyone know where that might be?


Solution 1:

They are in the pbk file.

NumRoutes stores the number of routes, and Routes represents the routes data; however, this is not documented to my knowledge, so it can change at any time.

From a pbk file:

[...]
NumRoutes=1
Routes=0A00000002000000180000000A0006000000000000000000000000000000000000000000
[...]

Solution 2:

Did some playing around with this earlier with the PowerShell command "Add-VpnConnectionRoute" and looking at the changes to the rasphone.pbk file. I managed to discover that each route entry is 72 hex characters in length, whether it's IPv4 or IPv6. Each line is no longer than 136 characters (including the "Routes=") and they are wrapped together:

172.16.0.0/12
NumRoutes=1
Routes=01000000020000000C000000AC1000000000000000000000000000000000000000000000

172.16.0.0/12 & 192.168.0.0/16
NumRoutes=2
Routes=01000000020000000C000000AC1000000000000000000000000000000000000000000000010000000200000010000000C0A80000000000000000000000000000
Routes=0000000000000000

172.16.0.0/12, 192.168.0.0/16 & 10.0.0.0/8
NumRoutes=3
Routes=01000000020000000C000000AC1000000000000000000000000000000000000000000000010000000200000010000000C0A80000000000000000000000000000
Routes=00000000000000000100000002000000080000000A0000000000000000000000000000000000000000000000


2001:2001:2001:2001::/64
NumRoutes=1
Routes=010000001700000040000000200120012001200100000000000000000000000000000000


Ver?     IPv4     prefix ln address
01000000 02000000 0C000000 AC100000 0000000000000000000000000000000000000000 = 172.16.0.0/12
01000000 02000000 10000000 C0A80000 0000000000000000000000000000000000000000 = 192.168.0.0/16
01000000 02000000 08000000 0A000000 0000000000000000000000000000000000000000 = 10.0.0.0/8

Ver?     IPv6     prefix ln address
01000000 17000000 40000000 20012001200120010000000000000000 0000000000000000 = 2001:2001:2001:2001::/64

I push the VPN settings out via a GPO preference along with an .ini file update to set "DisableIKENameEkuCheck", "IpNBTFlags" & (currently) "IpPrioritizeRemote" in the rasphone.pbk file. I'd like to disable "Use default gateway on remote network" and add static routes for split tunnelling.
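
A decoder for the record layout worked out in Solution 2, useful for auditing which prefixes a phonebook entry will route over the VPN. This is an added example, not code from either answer or from Microsoft; the format is undocumented, so the field meanings are the answers' observations, and the function names, section names and sample phonebook text are constructed here.

```python
import ipaddress
import struct

RECORD_BYTES = 36  # 72 hex characters per route, IPv4 or IPv6 (Solution 2)
# Second field as observed on the page: 0x02 for IPv4, 0x17 for IPv6
# (the same values as Winsock AF_INET and AF_INET6).
FAMILIES = {2: (ipaddress.IPv4Network, 4), 23: (ipaddress.IPv6Network, 16)}

def decode_routes(hex_blob):
    """Decode concatenated Routes= hex into (field0, network) tuples."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) % RECORD_BYTES:
        raise ValueError("truncated Routes data: %d bytes" % len(raw))
    routes = []
    for off in range(0, len(raw), RECORD_BYTES):
        # Three little-endian uint32s: unknown ("Ver?"), family, prefix length.
        field0, family, plen = struct.unpack_from("<III", raw, off)
        if family not in FAMILIES:
            raise ValueError("unknown address family %#x" % family)
        net_cls, addr_len = FAMILIES[family]
        addr = raw[off + 12:off + 12 + addr_len]  # rest of the record is padding
        routes.append((field0, net_cls((addr, plen), strict=False)))
    return routes

def routes_by_connection(pbk_text):
    """Map each [section] of phonebook text to its decoded routes."""
    blobs, declared, name = {}, {}, None
    for line in pbk_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            blobs[name], declared[name] = "", 0
        elif name and line.startswith("NumRoutes="):
            declared[name] = int(line.split("=", 1)[1])
        elif name and line.startswith("Routes="):
            blobs[name] += line.split("=", 1)[1]  # wrapped lines are joined
    result = {}
    for name, blob in blobs.items():
        result[name] = decode_routes(blob)
        if len(result[name]) != declared[name]:
            raise ValueError("%s: NumRoutes does not match record count" % name)
    return result

def _v4(plen_hex, addr_hex):  # builds one constructed IPv4 record
    return "0100000002000000" + plen_hex + addr_hex + "0" * 40

# Constructed sample using the page's values, wrapped after 128 hex characters.
_BLOB = _v4("0C000000", "AC100000") + _v4("10000000", "C0A80000") + _v4("08000000", "0A000000")
SAMPLE_PBK = "\n".join([
    "[SomeConnection]", "NumRoutes=3", "Routes=" + _BLOB[:128], "Routes=" + _BLOB[128:],
    "[V6Example]", "NumRoutes=1",
    "Routes=010000001700000040000000" + "20012001200120010000000000000000" + "0" * 16])
```

Comparing the decoded prefixes against the routes you intended to deploy shows whether a phonebook file has picked up routes that were not pushed by policy.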