Cisco VPN Client on Windows 2003 Server

Cisco's official stance is that their VPN Client 4.x.x is not supported on Windows 2003 Server because it is a client program.  Well, phooey.

I'm not the only person in the world who does their development work on Windows 2003 Server because it is the most accurate representation of the deployment environment, so I had to make it work.

The following has been tested with 4.0.3 B and D.

The good news is that the client application installs and runs just fine on Windows 2003 Server.  The bad news is that it doesn't seem to actually do anything.  That impression is wrong, however: it does work.

Once you connect with the VPN Client, running IPCONFIG shows that an additional 'virtual' Ethernet adaptor has been created.  This is the adaptor that must be used to reach addresses inside the target network.

The problem seems to be that it fails in its attempts to set up entries in our old friend the route table that tell Windows to use this virtual Ethernet adaptor to reach subnets inside the firewall.  Some kind of authorization issue on 2003, perhaps?

Anyway, armed with this knowledge, the solution is clear: after the connection is established, run a script that determines the IP address of the virtual Ethernet adaptor (unfortunately it is not always the same) and creates appropriate route table entries for the addresses that are needed.  Here's one written in VBScript:

Dim o, WshShell, x, s, command, FIXED_ADDRESS, newAddress, TARGET

FIXED_ADDRESS = "192.168.0.101" ' This PC
TARGET = "10.12.100.0"          ' Subnet inside the firewall

newAddress = ""
Set WshShell = CreateObject("WScript.Shell")

' Eliminate the current setting, and wait for route.exe to exit
' so the delete cannot land after the add below
Set o = WshShell.Exec("route delete " & TARGET)
do while o.Status = 0
  WScript.Sleep 50
loop

' Now find the address to add: the "IP Address" line that is not this PC's own
Set o = WshShell.Exec("ipconfig")
do while not o.StdOut.AtEndOfStream
  x = o.StdOut.ReadLine()
  if Right(x, 1) = vbCr then x = Left(x, Len(x) - 1)  ' Remove the trailing CR, if present
  x = LTrim(RTrim(x))
  if Left(x, 10) = "IP Address" then
     if Right(x, Len(FIXED_ADDRESS)) <> FIXED_ADDRESS then
        s = Split(x, " ")
        newAddress = s(UBound(s))
     end if
  end if
loop
if newAddress <> "" then
   ' Route the target subnet through the virtual adaptor's address
   command = "route add " & TARGET & " mask 255.255.255.0 " & newAddress
   Set o = WshShell.Exec(command)
else
   WScript.Echo "Failed to locate new address"
end if

Now, what would be nice would be a mechanism in the VPN Client to run such a script.  And in fact, there is!  Unfortunately, the command you specify is executed before the connection is established, and the above must obviously be done after, so I put it as an entry in my Start menu.
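
A follow-up check, added here as an example and not part of the original tip: once the script above has run, parse the output of route print and confirm that the TARGET subnet is bound to an interface other than this PC's own address, so that traffic meant for the inside network is not quietly following the default route. RouteInterface is a hypothetical helper, and the sample route table (including the 10.12.200.5 adaptor address) is constructed for illustration.

```vbscript
Option Explicit

Const TARGET = "10.12.100.0"          ' Subnet inside the firewall (from the tip)
Const FIXED_ADDRESS = "192.168.0.101" ' This PC's own address (from the tip)

' Return the Interface column of the active route for dest, or "" if none.
Function RouteInterface(routeText, dest)
    Dim re, row, cols
    Set re = New RegExp
    re.Pattern = "\s+"
    re.Global = True
    RouteInterface = ""
    For Each row In Split(Replace(routeText, vbCr, ""), vbLf)
        cols = Split(Trim(re.Replace(row, " ")), " ")
        ' Active route rows have five columns: Destination Netmask Gateway Interface Metric
        If UBound(cols) = 4 Then
            If cols(0) = dest Then
                RouteInterface = cols(3)
                Exit Function
            End If
        End If
    Next
End Function

Dim sample, iface
' Constructed sample of "route print" output. On a live host, use
' CreateObject("WScript.Shell").Exec("route print").StdOut.ReadAll() instead.
sample = "Active Routes:" & vbCrLf & _
    "Network Destination        Netmask          Gateway       Interface  Metric" & vbCrLf & _
    "          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.101     20" & vbCrLf & _
    "      10.12.100.0    255.255.255.0     10.12.200.5     10.12.200.5      1" & vbCrLf

iface = RouteInterface(sample, TARGET)
If iface = "" Then
    WScript.Echo "No route for " & TARGET & ": traffic falls through to the default route"
    WScript.Quit 1
ElseIf iface = FIXED_ADDRESS Then
    WScript.Echo "Route for " & TARGET & " is bound to this PC's own adaptor, not the VPN adaptor"
    WScript.Quit 1
Else
    WScript.Echo "OK: " & TARGET & " is routed via " & iface
End If
```

Run it with cscript so the non-zero exit code can be picked up by a calling batch file.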