1.28.2015

How to Force Windows to Use the Correct Default Gateway

Many of us will end up using our home PCs to not only connect out to the internet, but also to connect to our home labs. You may be using an Ethernet connection out to the internet and a wireless connection to your home lab, or vice versa. The following diagram is an example of such a set up.


The issue here is that if you are trying to connect to the home lab via telnet,ssh or remote into a server your connection will most likely fail. You may notice that you can connect to the lab's wireless access point and it's gateway at 10.1.200.1 but beyond that you get nothing. Some simple commands and a little exploring can shed some light on this issue. First let's open up an elevated command prompt. (Right click Command Prompt and click Run As Administrator)

Notice Ping failure and wrong default gateway on tracert.
Here we see that we cannot reach the AAA server when we ping 10.0.17.10. Next we run a tracert 10.0.17.10 command. Notice that the PC has chosen to send to the wrong default gateway of 192.168.1.1 (or out towards the internet). Since your home internet router is likely unaware of how to reach the 10.0.0.0 network this will result in a connection failure.

Ping to wireless gateway is successful
Next let's try a ping 10.1.200.1 which is the default gateway of the lab wireless access point we are connected to. Notice that this time it is successful. This is because the IP that we are pinging is on the same network as the wireless adapter on our PC. Anything beyond this 10.1.200.0/24 network and the PC will always use the wired gateway (192.168.1.1), causing a failure. So how do we get around this problem?

Add a route to Windows
Simple. We need to tell windows where to send traffic destined for a specific network by adding to the static route to the Route Table. Type command route add -p 10.0.0.0 mask 255.0.0.0 10.1.200.1 in the command prompt. This command tells our computer that anything destined for the 10.0.0.0/8 network, send it to the wireless gateway of 10.1.200.1 (which we know our PC can reach).  Next we verify the route.

Verify the added route.
Now just type route PRINT -4 into the command prompt. This tells the PC to show the current IPv4 routes it has in its table. The -p in the command allows the route to be a Persistaent Route meaning it will still be there after the computer is rebooted. Most likely you will want this. With -p the route will be stored in the registry key at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

If for any reason you need to remove this route just use the command route remove -p 10.0.0.0 mask 255.0.0.0 10.1.200.1

Success
There we have it! We can now successfully connect to the AAA server in our home lab. As an added bonus, because we added the 10.0.0.0/8 route to our PC's route table, now we can reach any IP in the lab that begins with 10.x.x.x! Hope this helps!

No comments:

Post a Comment