Setting VPN to go through certain IPs and not others
I'm a scientific programmer with a loose grasp of what goes on under the hood in my small home network so bear with me whilst I try and explain using the correct words if possible.
My home network of five PCs (Windows 7, Vista, 2003, 2 x XP) uses the 192.168.0.0 range of IP addresses. My ADSL router is 192.168.0.1 and is set to do DHCP and all that good stuff. So far, so good. Most importantly I can connect to my local web server on 192.168.0.42.
I frequently have to connect up to a client's VPN using Checkpoint SecureClient. When I do so I'm given a 10.something IP address on the 'virtual' network card.
If I'm connected to the VPN I can no longer connect to my 192.168.0.42 web server.
How can I tell my PCs to only go via the VPN for anything beginning 10.* and to stay 'local' for everything else?
(below added following Chris Thorpe's answer)
BTW I don't see the VPN connection under Control Panel. I just see my physical NIC. Here's what I see running ipconfig, if that helps:
Ethernet adapter Local Area Connection* 6:
Connection-specific DNS Suffix . : <removed for security!>
IPv4 Address. . . . . . . . . . . : 10.14.2.130
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
(another edit following gravyface's response)
A route print gives 50+ lines of routing info. Here's some lines if that helps...
===========================================================================
Interface List
11 ...54 ec 6d 95 66 05 ...... Check Point Virtual Network Adapter For SecureClient
8 ...00 19 d1 6a 79 cb ...... Intel(R) 82566DC Gigabit Network Connection
1 ........................... Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 10
10.0.2.0 255.255.255.0 10.14.2.129 10.14.2.130 1
10.1.0.0 255.255.0.0 10.14.2.129 10.14.2.130 1
10.2.0.0 255.254.0.0 10.14.2.129 10.14.2.130 1
10.4.0.0 255.255.0.0 10.14.2.129 10.14.2.130 1
<lots of 10.* removed>
<some seemingly random IP addresses removed until we get to the 192.168 >
192.168.0.0 255.255.255.0 On-link 192.168.0.101 266
192.168.0.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.0.101 255.255.255.255 On-link 192.168.0.101 266
192.168.0.101 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.0.255 255.255.255.255 On-link 192.168.0.101 266
192.168.0.255 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.4.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.16.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.64.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.67.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.120.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.125.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.140.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.150.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.250.3 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.250.8 255.255.255.254 10.14.2.129 10.14.2.130 1
192.168.253.1 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.253.2 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.254.3 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.254.8 255.255.255.254 10.14.2.129 10.14.2.130 1
192.168.254.10 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.255.1 255.255.255.255 10.14.2.129 10.14.2.130 1
192.168.255.2 255.255.255.255 10.14.2.129 10.14.2.130 1
<some other non 192.168* removed>
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.14.2.130 256
255.255.255.255 255.255.255.255 On-link 192.168.0.101 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Solution 1:
Go into:
- Control Panel -> Network Connections -> find your VPN connection
- Right-click it and select properties.
- Find the TCP/IP settings and then the 'advanced' settings pane.
- Untick 'use default gateway on remote network'
Solution 2:
The CheckPoint VPN client should be doing split tunneling by default, that is, there will be a route (you can run route print to see what I mean) that directs all traffic destined to the 10.0 subnet to your VPN interface/gateway. If it isn't then you can uncheck it:
right-click Systray icon > Settings > Properties of your profile > Advanced tab > "Route all traffic through gateway" or something like that and uncheck it.
What this means is that you shouldn't have any problems getting to your webserver by IP but perhaps the CheckPoint is changing your DNS settings? Do you have a DNS server running? i.e. do you normally access your webserver via IP (http://192.168.0.42) or DNS?
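An added example, not part of either answer above: it applies the usual route-selection rule (longest prefix first, then lowest metric) to rows copied from the route print output in the question. The function names are chosen for this illustration; the result shows that the VPN client installs its own 192.168.0.0/24 route with metric 1, which beats the on-link route with metric 266, so traffic for 192.168.0.42 leaves via the VPN adapter.

```python
import ipaddress

# Rows copied from the `route print` output in the question:
# destination, netmask, gateway, interface, metric.
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 10
10.0.2.0 255.255.255.0 10.14.2.129 10.14.2.130 1
10.1.0.0 255.255.0.0 10.14.2.129 10.14.2.130 1
192.168.0.0 255.255.255.0 On-link 192.168.0.101 266
192.168.0.0 255.255.255.0 10.14.2.129 10.14.2.130 1
192.168.4.0 255.255.255.0 10.14.2.129 10.14.2.130 1
"""

def parse_routes(text):
    """Turn IPv4 route rows into dicts, skipping headers and separators."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def shadowed_local_routes(routes):
    """On-link prefixes that lose to a gateway route for the same prefix."""
    found = []
    for local in (r for r in routes if r["gateway"] == "On-link"):
        for other in routes:
            if (other["gateway"] != "On-link" and other["net"] == local["net"]
                    and other["metric"] < local["metric"]):
                found.append((str(local["net"]), local["iface"], other["iface"]))
    return found

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    print(select_route(table, "192.168.0.42")["iface"])  # interface used for the web server
    print(shadowed_local_routes(table))
```

Pasting a complete route print dump into ROUTE_PRINT works as well, because rows that are not five-column IPv4 routes are skipped.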