End-of-Life (EoL)

Example: Exclude Traffic from the VPN Tunnel on Windows Endpoints

To exclude traffic from the VPN tunnel after establishing the VPN connection, reference the following script from a command registry entry for a post-vpn-connect event. This enables you to selectively exclude routes and to send all other traffic through the VPN tunnel.
As a best practice, delete any exclude network routes that were previously added before adding the new exclude routes. In most cases, when a user moves between networks (such as when switching between Wi-Fi and a local network) the old network routes are automatically deleted. In the event that the old network routes persist, following this best practice ensures that traffic destined for the exclude routes will go through the gateway of the new network instead of the gateway of the old network.
@echo off
REM Run this script (route_exclude) post-vpn-connect.
REM Add exclude routes. This allows traffic to these networks and hosts to go directly and not use the tunnel.
REM Syntax: route_exclude <network1> <mask1> <network2> <mask2> ...<networkN> <maskN>
REM Example-1: route_exclude
REM Example-2: route_exclude
REM Example-3: route_exclude
REM Initialize 'DefaultGateway'
set "DefaultGateway="
REM Use the route print command and find the DefaultGateway on the endpoint
REM (the default route is the line for destination 0.0.0.0; token 3 of that line is its gateway)
@For /f "tokens=3" %%* in (
    'route.exe print ^|findstr "\<0.0.0.0\>"'
    ) Do if not defined DefaultGateway Set "DefaultGateway=%%*"
REM Use the route add command to add the exclude routes
:add_route
if "%1" =="" goto end
route delete %1
route add %1 mask %2 %DefaultGateway%
shift
shift
goto add_route
:end
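The stale-route case described above can be checked once the post-vpn-connect script has run. The following Python is an added example, not part of the original page or the vendor's script: it parses `route print -4` output, picks the gateway the way the batch loop does (token 3 of the first line containing 0.0.0.0), and reports exclude routes that are missing or still point at another gateway. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed `route print -4` excerpt; 10.0.0.0 still uses a previous network's gateway.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     35
         10.0.0.0        255.0.0.0         10.1.1.1    192.168.1.50     36
     192.168.17.0    255.255.255.0      192.168.1.1    192.168.1.50     36
"""

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def script_default_gateway(route_print):
    """Token 3 of the first line holding 0.0.0.0 as a word (approximates the findstr match)."""
    for line in route_print.splitlines():
        fields = line.split()
        if "0.0.0.0" in fields and len(fields) >= 3:
            return fields[2]
    return None

def active_routes(route_print):
    """Yield (destination, netmask, gateway) for each five-column IPv4 route row."""
    for line in route_print.splitlines():
        fields = line.split()
        if len(fields) == 5 and is_ipv4(fields[0]):
            yield fields[0], fields[1], fields[2]

def audit_excludes(route_print, excludes):
    """Report exclude routes that are absent or use a gateway other than the detected one."""
    gateway = script_default_gateway(route_print)
    if gateway is None or not is_ipv4(gateway):
        # e.g. "On-link": the batch script would pass this straight to `route add`
        return [("default", "0.0.0.0", f"unusable gateway {gateway!r}")]
    seen = {}
    for dest, mask, gw in active_routes(route_print):
        seen.setdefault((dest, mask), set()).add(gw)
    findings = []
    for dest, mask in excludes:
        gws = seen.get((dest, mask))
        if not gws:
            findings.append((dest, mask, "missing"))
        elif gws != {gateway}:
            findings.append((dest, mask, "stale gateway " + ",".join(sorted(gws - {gateway}))))
    return findings
```

Pass it the text of `route print -4` collected from the endpoint and the same network and mask pairs that the registry entry passes to route_exclude.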
