6

I have a Windows 7 64 bit desktop machine which is connected to a LAN.

I recently installed ShrewSoft VPN client v 2.1.7 on my machine so that I can connect to a license server hosted by my customer. They are running a Cisco VPN server and I originally tried (unsuccessfully!) to use the Cisco VPN client for Windows 64 bit but the default gateway wasn't being configured correctly after loading in my pcf file. Using ShrewSoft I am able to import the same pcf file, and successfully connect to the machine I need to using the VPN client software. The client machine I need to connect to has IP address 1.52.90.33.

The problem is that when I am connected to the customer network using the VPN client application (and after a few minutes) I lose my LAN internet connection. I can only presume that this is because, by default, the ShrewSoft VPN client application automatically tunnels all traffic through the VPN connection. I know there is an option to switch off the "Tunnel All" option on the Policy tab of the application and enter a Remote Network Resource (to "Include" or "Exclude") as "Address" and "Netmask" IP addresses; however, I am not sure what I need to enter here.

Here is my ipconfig output before connecting to the VPN (with suffixes blanked out):

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : ***.***
   Link-local IPv6 Address . . . . . : fe80::8de3:9dbe:393a:33ba%11
   IPv4 Address. . . . . . . . . . . : 150.237.13.17
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 150.237.13.1

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : ***.***
   IPv6 Address. . . . . . . . . . . : 2002:96ed:d11::96ed:d11
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cf9:38c4:6912:f2ee
   Link-local IPv6 Address . . . . . : fe80::2cf9:38c4:6912:f2ee%12
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.***.***:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ***.***

Here is my route print output before connecting to the VPN:

===========================================================================
Interface List
 11...20 cf 30 9d ec 2a ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethern
et NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     150.237.13.1    150.237.13.17      2
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     150.237.13.0    255.255.255.0         On-link     150.237.13.17    257
    150.237.13.17  255.255.255.255         On-link     150.237.13.17    257
   150.237.13.255  255.255.255.255         On-link     150.237.13.17    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     150.237.13.17    257
  255.255.255.255  255.255.255.255         On-link         12
1
  • This is odd, since I switched to ShrewSoft VPN, from the Cisco VPN client, specifically because ShrewSoft ignores the server's request that I be disconnected from my own LAN.
    – Ian Boyd
    Commented Jul 20, 2011 at 17:24

3 Answers

5

Yes, before connecting, you need to untick the "Enable DNS" in "Name resolution" tab of the Shrewsoft connection. Then, after connecting, remove the route 0.0.0.0 that points to the newly obtained IP from the VPN virtual adapter. Then manually add routes to networks you want to access over the VPN adapter. This procedure will enable you to use your default internet connection while connected to the VPN, but you'll have to do it every time. I've made me a batch file that I run after connect which adds/removes the routes.

Windows batch file (cmd.exe) commands:

route delete 0.0.0.0 mask 0.0.0.0 [your vpn ip]
route add [gateway in vpn network] mask [mask in vpn network] [your vpn ip]
3
  • This is the correct answer. To get that DNS back, I just added rules to my hosts file for the IPs I use frequently. Commented Jun 24, 2015 at 14:48
  • I am currently using a similar solution on Linux. I found this post when searching for a method which works with Windows 10 - unfortunately the commands as shown here both cause Windows 10 to spit back an error and the usual usage message from route :(
    – symcbean
    Commented Sep 23, 2019 at 16:57
  • But Wayne's solution saved the day :)
    – symcbean
    Commented Sep 23, 2019 at 17:13
4

Just sorted a similar issue myself. On ShrewSoft's Policy tab try deselecting "Obtain Topology Automatically or Tunnel All", and adding a remote resource of (assuming 1.52.90.33 is the only IP you need to access on the VPN side):

Type: Include
Address: 1.52.90.33
Netmask: 255.255.255.255

If you have multiple IPs you need to access simply change the netmask accordingly or add additional resources.

1
  • I believe this is a cleaner solution than the other answer. Commented Aug 15, 2017 at 12:01
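
An added example, not part of the original answers: a Python check that parses IPv4 rows in `route print` column order, picks the egress interface by longest prefix then lowest metric, and flags any route on the VPN adapter that reaches beyond the Include resource 1.52.90.33/255.255.255.255. The VPN adapter address 192.0.2.10, the test destination 198.51.100.7, every row on the VPN adapter and all function names are assumptions made for illustration; the LAN rows come from the question.

```python
import ipaddress

VPN_IF = "192.0.2.10"  # assumed VPN adapter address (documentation range)

# Constructed tables in `route print` column order. LAN rows are taken from
# the question; every row that mentions VPN_IF is invented for illustration.
TUNNEL_ALL = """
0.0.0.0        0.0.0.0          150.237.13.1  150.237.13.17  2
0.0.0.0        0.0.0.0          On-link       192.0.2.10     1
150.237.13.0   255.255.255.0    On-link       150.237.13.17  257
"""
SPLIT = """
0.0.0.0        0.0.0.0          150.237.13.1  150.237.13.17  2
1.52.90.33     255.255.255.255  On-link       192.0.2.10     31
150.237.13.0   255.255.255.0    On-link       150.237.13.17  257
"""

def parse_routes(text):
    """Return (network, interface, metric) for each well-formed IPv4 row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, truncated rows
        dest, mask, _gateway, iface, metric = fields
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append((net, iface, int(metric)))
        except ValueError:
            continue  # not an address/netmask pair
    return routes

def egress_interface(routes, destination):
    """Select a route by longest prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def audit_split_tunnel(routes, vpn_if, included):
    """List routes on the VPN adapter that reach beyond the Include resources."""
    allowed = [ipaddress.IPv4Network(n) for n in included]
    return [str(net) for net, iface, _ in routes
            if iface == vpn_if and not any(net.subnet_of(a) for a in allowed)]

if __name__ == "__main__":
    for name, table in (("tunnel all", TUNNEL_ALL), ("split", SPLIT)):
        r = parse_routes(table)
        print(name, egress_interface(r, "198.51.100.7"),
              audit_split_tunnel(r, VPN_IF, ["1.52.90.33/32"]))
```

An empty audit list together with an internet destination leaving through 150.237.13.17 means only the license server is reachable over the tunnel.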
0

Have been fighting this for a couple of days with little to no luck but after changing some parameters have the tunnel connected, access to the device of interest and LAN access including internet.

This is what seems to be working out for me:

General, Local Host, Adapter Mode, Use an existing adapter and current address.

Name Resolution, Enable DNS, Server Address #1, LAN gateway ip

Name Resolution, Enable DNS, DNS Suffix, local

Policy, Maintain Persistent Security Associations

Policy, Remote Network Resource, Include, IP of remote network, Subnet mask of remote network.
