Sure, most VPN connections are used as full tunnels with a default route — but what if the VPN is for work, and you only need access to a specific list of resources through it?
While Windows isn’t nearly as flexible as *nix systems with their handy if-up/if-down scripts, there are elegant solutions available.
One of them relies on the built-in Task Scheduler, which — in my opinion — comes pretty close to perfection in Windows 7.
Straightforward solution
Of course, we can create bat-files with a sequence of commands:
But what if we want to use the system “VPN connection” button in the tray?
Windows scheduler way
In our case, we need to set up triggers for VPN connection and disconnection. (If there’s no need to restore specific system routes on disconnect, a single task may suffice.) When these triggers fire, they should launch a batch script. Here’s roughly how that setup might look.
We can create these triggers with these two commands:
schtasks /create /F /RL HIGHEST /TN "Add VPN routes" /TR "C:\vpnroutes.bat /connect" /SC ONEVENT /EC System /MO "*[System[Provider[@Name='Rasman'] and (Level=4 or Level=0) and (EventID=20267)]] and *[EventData[Data='My VPN Connection']]"
schtasks /create /F /RL HIGHEST /TN "Remove VPN routes" /TR "C:\vpnroutes.bat /disconnect" /SC ONEVENT /EC System /MO "*[System[Provider[@Name='Rasman'] and (Level=4 or Level=0) and (EventID=20268)]] and *[EventData[Data='My VPN Connection']]"
And now we need to create the script itself:
@echo off
rem ===========================================================================

rem Routes to add on disconnect
rem (Usually not needed if you have a default route)
rem Format: IP mask gateway
rem route novpn: 10.0.0.0 255.0.0.0 172.16.0.1

rem Routes to add on connect
rem VPNIP will be replaced with the interface IP
rem Format: IP mask gateway
rem route vpn: 10.0.0.0 255.0.0.0 VPNIP
rem route vpn: 192.168.0.0 255.255.0.0 VPNIP

rem Name of the configured VPN connection
set vpnname=My VPN Connection

rem ===========================================================================

setlocal EnableDelayedExpansion
set gw=
set vpnip=

rem Read the address assigned to the VPN interface.
rem The token index depends on the localized netsh label: for the English
rem "IP Address:" line the address is token 3, not 2.
for /F "tokens=2" %%i in ('netsh interface ipv4 show addresses "%vpnname%" ^| findstr IP') do set vpnip=%%i

if /I "%~1"=="/connect" goto connect
if /I "%~1"=="/disconnect" goto disconnect

echo Please select /connect or /disconnect option key!
rem pause
goto end

:connect
if "%vpnip%"=="" goto noip

rem Delete every configured route first, then add the "vpn" ones.
rem /C: anchors the match to the config lines above, so ordinary comments that
rem mention routes and the "novpn" entries are not picked up by the vpn loop.
for /F "tokens=4,5" %%i in ('type "%~f0" ^| findstr /R /C:"^rem route "') do route delete %%i mask %%j
for /F "tokens=4,5,6" %%i in ('type "%~f0" ^| findstr /R /C:"^rem route vpn: "') do (
    set gw=%%k
    set gw=!gw:VPNIP=%vpnip%!
    route add %%i mask %%j !gw!
)
goto end

:disconnect
rem Delete every configured route, then restore the "novpn" ones.
for /F "tokens=4,5" %%i in ('type "%~f0" ^| findstr /R /C:"^rem route "') do route delete %%i mask %%j
for /F "tokens=4,5,6" %%i in ('type "%~f0" ^| findstr /R /C:"^rem route novpn: "') do route add %%i mask %%j %%k
goto end

:noip
echo Can't set gateway IP, check your settings
goto end

:end
endlocal

rem end of file
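Because both tasks run C:\vpnroutes.bat with /RL HIGHEST, whoever can write to that file decides what runs elevated, and files created in the root of C: inherit Modify for Authenticated Users by default. The PowerShell below is an added example, not part of the original post: it lists write-capable ACEs on the script and, with the hypothetical -Fix switch, tightens them with icacls. The default path is taken from the /TR argument above.

```powershell
# Added example, not from the original post: audit the ACL of the script that
# the elevated tasks run. Assumes the path given in the schtasks /TR argument.
param(
    [string]$ScriptPath = 'C:\vpnroutes.bat',
    [switch]$Fix   # hypothetical switch: also tighten the ACL (run elevated)
)

# Locale-independent well-known SIDs: SYSTEM and BUILTIN\Administrators.
$trusted = @('S-1-5-18', 'S-1-5-32-544')

# Rights that allow changing the file's content or its ACL, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x50000000

function Get-RiskyAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { $ace }
    }
}

$risky = @(Get-RiskyAce -Path $ScriptPath)
foreach ($ace in $risky) {
    Write-Warning "$($ace.IdentityReference.Value) may modify ${ScriptPath}: $($ace.FileSystemRights)"
}

if ($risky.Count -gt 0 -and $Fix) {
    # /inheritance:r drops inherited ACEs; /grant:r replaces explicit ones for
    # SYSTEM and Administrators (full) and Users, S-1-5-32-545 (read/execute).
    & icacls.exe $ScriptPath /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' '*S-1-5-32-545:(RX)'
    $risky = @(Get-RiskyAce -Path $ScriptPath)
}

if ($risky.Count -eq 0) {
    Write-Output "No write-capable ACE for non-administrators on $ScriptPath"
} else {
    Write-Warning "$($risky.Count) write-capable ACE(s) remain; review with: icacls `"$ScriptPath`""
}
```

The check covers the file's own ACL only; a directory in which non-administrators can create or rename files needs the same review.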