Q: How to troubleshoot loss of Internet access after connecting to a VPN
A: Many companies set up their own VPN to give mobile office users access to the company network. In most cases, however, users find that as soon as the VPN is connected, web browsing, QQ and other Internet communications that previously worked are cut off, and access to the local LAN (across network segments) stops working as well.
For a long time I thought that this fault was a common problem of VPN networks, with no way to solve it. Once, a friend from another province came to our company on business; their company used a certain vendor's VPN software, and it turned out that even after connecting he could still access other network segments normally.
The author was puzzled and, after careful study, finally found the difference by displaying the routing table (in a Command Prompt window, type: route print; the routing table with the VPN connected is as shown).
After a generic VPN connection is established, the system automatically adds an all-zero route entry (destination network 0.0.0.0, mask 0.0.0.0) that points the default gateway to the VPN network gateway, with a metric of 1. An all-zero destination and mask represents all network addresses: any destination that has no more specific entry in the routing table, that is, any communication not bound for the local network segment, is forwarded to the specified default gateway and then routed onward by that gateway.
The metric is the cost of the route entry and is inversely proportional to its priority. All access to non-local network segments is therefore forwarded to the VPN gateway instead of the original one. The metric of the original all-zero default route is changed to 2, and when the destination address of two routing entries is the same, the smaller the metric, the higher the priority. Only the metric 1 route is then in effect and the local gateway is no longer used, so accessing the Internet naturally fails.
As you can see in the diagram, the first default route, with gateway 172.16.1.1, is the default route of the local network, and its metric has been changed to 2. The second all-zero default route is the one added by the VPN connection, and its metric is 1. At this point we only have to modify the second route so that only traffic destined for the 192.168.0.0/24 network segment goes to the VPN gateway, while all other access still goes through the local gateway.
So we first remove the second route with the command: route delete 0.0.0.0 mask 0.0.0.0 192.168.0.3. Then we add a new route entry with the command: route add 192.168.1.0 mask 255.255.255.0 192.168.0.3. The original local default route then takes effect again, which resolves the problem.
Note: The route command is used to manage the system routing table. A routing entry is typically made up of a destination, a netmask and a gateway. The command to display the routing table is route print; the command to add a static route is "route add target mask gateway". If the -p argument is not added, the new route is not saved and disappears after a reboot. The command to delete a route entry is "route delete target mask gateway"; the command to change a route is "route change target mask gateway".
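The route selection described in the answer above, as an added example that is not part of the original answer: a small Python model of how a routing table picks a gateway (longest matching prefix first, then lowest metric), applied to the table before and after the route delete / route add commands. The sample destination addresses are constructed, the metric of the added 192.168.1.0 route is an assumption (it does not affect the result), and on-link routes that a real table also contains are left out.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    metric: int

def route(dest: str, mask: str, gateway: str, metric: int) -> Route:
    """Build an entry the way 'route add dest mask netmask gateway' names it."""
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gateway, metric)

def next_hop(table: list, destination: str) -> Optional[str]:
    """Return the gateway chosen for a destination, or None if nothing matches.

    The most specific (longest) prefix wins; among entries with the same
    prefix length, the lowest metric wins.
    """
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))
    return best.gateway

LOCAL_GW = "172.16.1.1"   # local default gateway from the answer
VPN_GW = "192.168.0.3"    # VPN gateway from the answer

# Right after the VPN connects: two all-zero routes, the VPN one has metric 1.
AFTER_CONNECT = [
    route("0.0.0.0", "0.0.0.0", LOCAL_GW, 2),
    route("0.0.0.0", "0.0.0.0", VPN_GW, 1),
]

# After deleting the VPN default route and adding the specific one.
AFTER_FIX = [
    route("0.0.0.0", "0.0.0.0", LOCAL_GW, 2),
    route("192.168.1.0", "255.255.255.0", VPN_GW, 1),  # metric assumed
]

# Constructed destinations: an Internet host, a host on another local
# segment behind the local gateway, and a host on the VPN-side segment.
SAMPLES = ["203.0.113.10", "10.0.5.7", "192.168.1.20"]

if __name__ == "__main__":
    for name, table in (("after connect", AFTER_CONNECT), ("after fix", AFTER_FIX)):
        for dest in SAMPLES:
            print(f"{name:13} {dest:14} -> {next_hop(table, dest)}")
```

With the first table every destination leaves through the VPN gateway; with the second, only the 192.168.1.0 segment does, because the more specific prefix is preferred over the default route regardless of metric.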