What is "Disable class based route addition" good for?

windows vpn routing tcpip
19,736

Solution 1

With default gateway pointing into VPN

When you set up a VPN, the Windows default is to enable Use default gateway on remote network. A new default route is added to the routing table pointing to the remote network's gateway, and the existing default route has its metric increased to force all Internet traffic to traverse the tunnel and use the remote network's gateway. All traffic uses the VPN, and traffic destined for the outside world is directed to the remote gateway. When the VPN drops, the route to the remote gateway is removed and the original default route is set back to the original metric.

Without default gateway pointing into VPN

Unchecking use default gateway on remote network means that this new default route isn't added, so Internet traffic goes out the local gateway, but a new classful route is added to the routing table, using the local adapter's IP, pointing down the VPN. Only traffic destined for the classful network of the local adapter goes down the VPN. This may not be what you want. Checking Disable class based route addition means that classful route isn't added to your machine when the VPN starts up, and you'll need to add the appropriate routes for networks that should be routed through the tunnel.

Further reading

Look up split tunneling for more on this topic.

Solution 2

class based route addition comes into play when Use default gateway on remote network is unticked.

What class based route addition means is that Windows will assume the size of the network at the other end based on the IP address received. There are ranges of IP addresses defined as being for networks of 256 addresses, and for 65536 addresses, and networks 256 times larger again... Not actually the way they are used, but a reasonable first pass assumption.

If turning on the VPN disables access to other parts of "your" network, then you have run into the problem this assumption causes... You could tick to disable the class route assumption, and add routes manually... (you would need specific knowledge of the remote end. The assumption is an effort to make it so you did not need in depth knowledge.)

Note that the 10.* private range , common as used by Dlink modems, is considered be an A class network, not ticking this option will mean your computer assumes ALL of 10.* is accessible by this VPN. Seems wrong. One cure is to log into the modem and configure it to use a smaller network for the LAN...
e.g. 10.10.10.1/255.255.255.0 (10.10.10.0 to 10.10.10.255)

In fact change the middle two to anything.. you can set it to 10.B.C.1 /255.255.255.0 where B and C is your choice, e.g. 10.200.201.1 ...

192.168.X.Y addresses (used by most other modems/routers) are considered to be C class networks, which means that only the Y part there changes.. 256 addresses.

Therefore if you are setting up a private network you might like to use 10.X.Y.Z addresses everywhere, so that the PPtP can be set to "not default gateway" and still all fragments of the private network are accessible by VPN with no need for manual routes.

Dlink modem users would have to apply the fix to the LAN netmask, or add routes manually.

Solution 3

There is no such option in Windows 10, so you need to edit the phonebook file in %AppData%\Microsoft\Network\Connections\Pbk\rasphone.pbk

DisableClassBasedDefaultRoute=1
Share:
19,736

Related videos on Youtube

JRoppert
Author by

JRoppert

Updated on September 17, 2022

Comments

  • JRoppert
    JRoppert almost 2 years

    In the advanced TCP/IP settings of a Windows VPN connection, I found a checkbox labeled Disable class based route addition. The checkbox is only enabled as long as Use default gateway on remote network is switched off.

    What is Disable class based route addition good for?

    Detailed instructions to find the settings:

    1. Open Properties of VPN connection
    2. Go to Networking tab
    3. Open Properties of Internet Protocol Version 4 (TCP/IPv4) (and/or TCP/IPv6)
    4. Click Advanced... button
    5. Change to IP Settings tab
    6. Here you can find the checkboxes mentioned above
  • David Gardiner
    David Gardiner about 8 years
    I'm using Windows 10 version 1511 and this option is available.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

custom route not working on windows
Can I add a static route to a VPN network if the default gateway IP is dynamic? (Windows 7)
Setting VPN to go through certain IPs and not others
How to use a Windows PC to share multiple network connections?
Problem with persistent routes and VPN connection in Windows 7
Stop VPN being used on internet traffic on Win 7
How can I make the Windows VPN route selective traffic (by destination network)?
No Internet access while being connected to VPN using Cisco VPN Client 5
How do I send traffic to specific IP addresses through VPN and others directly to the internet?
How to automatically assign a route to client in Windows Server PPTP VPN?