How to Automatically Add Static Routes After VPN Connection in Windows 7 Using Command Line and Scripts



When establishing VPN connections in Windows 7, many network administrators and developers face the recurring need to manually add static routes after each connection. While the ROUTE ADD command works, executing it repeatedly becomes tedious, especially when dealing with multiple subnets or frequent VPN reconnections.

Windows VPN connections typically use the default gateway of the remote network, which might not include all necessary subnets. The common manual solution:

ROUTE ADD 10.1.0.0 MASK 255.255.0.0 172.16.3.0 METRIC 1

needs automation for efficiency.

Create a batch file (vpn_routes.bat) with your specific routes:

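@echo off
:MAIN
REM Give the VPN interface a few seconds to come up before adding routes.
TIMEOUT /T 5 > nul
REM Send traffic for the remote subnets through the VPN gateway.
ROUTE ADD 10.1.0.0 MASK 255.255.0.0 172.16.3.0 METRIC 1
ROUTE ADD 192.168.10.0 MASK 255.255.255.0 172.16.3.0 METRIC 2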

Use Windows Task Scheduler to run the script after VPN connection:

  1. Create basic task triggered on event
  2. Log: Microsoft-Windows-RasClient/Operational
  3. Event ID: 20225 (VPN connected)
  4. Action: Start program (your batch file)

For more control, use this PowerShell script (Add-VpnRoutes.ps1):

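# Note: Get-NetAdapter and Get-NetRoute ship with Windows 8 / Server 2012 and later;
# they are not present on a stock Windows 7 installation.

# Wait until an adapter whose description contains "VPN" is actually up.
$vpnInterface = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like "*VPN*" -and $_.Status -eq "Up" } | Select-Object -First 1
while (-not $vpnInterface) {
    Start-Sleep -Seconds 5
    $vpnInterface = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like "*VPN*" -and $_.Status -eq "Up" } | Select-Object -First 1
}

# Use the next hop of the VPN interface's default route as the gateway.
$gateway = (Get-NetRoute -InterfaceIndex $vpnInterface.ifIndex -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue | Select-Object -First 1).NextHop
if (-not $gateway) { Write-Error "No default route found on the VPN interface"; exit 1 }

route add 10.1.0.0 mask 255.255.0.0 $gateway metric 1
route add 192.168.10.0 mask 255.255.255.0 $gateway metric 2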

For routes that should survive reboots, add the -p flag:

ROUTE -p ADD 10.1.0.0 MASK 255.255.0.0 172.16.3.0

Note: Persistent routes are stored in the registry at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

For some cases, configuring the VPN connection's DNS suffix in adapter properties may provide sufficient routing without manual routes.


When establishing VPN connections in Windows 7, network administrators often need to manually add specific routes to access remote subnets. The standard command-line approach using ROUTE ADD becomes tedious when connecting frequently.

Windows 7 includes PowerShell 2.0, which we can leverage to create automatic route additions. Here's a comprehensive solution:


# VPNRouteAutomator.ps1
# Note: Get-VpnConnection belongs to the VpnClient module (Windows 8 / Server 2012 and later).
$vpnName = "YourVPNConnectionName"
$targetNetwork = "10.1.0.0"
$subnetMask = "255.255.0.0"
$gateway = "172.16.3.0"

function Add-VPNRoute {
    param (
        [string]$connectionName,
        [string]$network,
        [string]$mask,
        [string]$gw
    )
    
    $vpn = Get-VpnConnection -Name $connectionName -ErrorAction SilentlyContinue
    if ($vpn -and $vpn.ConnectionStatus -eq "Connected") {
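        # Escape the dots so the addresses are matched literally in the route table.
        $pattern = [regex]::Escape($network) + "\s+" + [regex]::Escape($mask)
        $existingRoute = route print | Select-String $pattern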
        if (-not $existingRoute) {
            Start-Process -FilePath "route.exe" -ArgumentList "add $network mask $mask $gw" -Verb RunAs -Wait
            Write-Host "Route added successfully: $network/$mask via $gw"
        } else {
            Write-Host "Route already exists"
        }
    } else {
        Write-Warning "VPN connection not found or not connected"
    }
}

Add-VPNRoute -connectionName $vpnName -network $targetNetwork -mask $subnetMask -gw $gateway

You have several options to execute this automatically:

Task Scheduler Method


1. Create basic task in Task Scheduler
2. Trigger: On event - RasClient source, event ID 20225 (VPN connected)
3. Action: Start program - powershell.exe
4. Arguments: -ExecutionPolicy Bypass -File "C:\path\to\VPNRouteAutomator.ps1"
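
The task described in the Task Scheduler steps (in both versions above) can also be registered from an elevated Windows PowerShell prompt. The following is an added example, not part of the original article: it creates the task with schtasks.exe, but only after checking that the script the task will run elevated, and its folder, are writable by SYSTEM and Administrators alone. The task name, the `Application` log channel and the trusted-SID list are assumptions; the script path is the article's placeholder.

```powershell
# Added example, not from the original article. Works on Windows PowerShell 2.0 and later.
param(
    [string]$TaskName   = 'Add-VpnRoutes',                    # hypothetical task name
    [string]$ScriptPath = 'C:\path\to\VPNRouteAutomator.ps1', # placeholder path from step 4
    [string]$Channel    = 'Application'                       # assumption: set to the log where you see event 20225
)

# Principals allowed to modify the script: SYSTEM and BUILTIN\Administrators
# (well-known SIDs; extend the list if your folder legitimately has other owners).
$trustedSids = @('S-1-5-18', 'S-1-5-32-544')

# Rights that allow changing or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this object.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Compare by SID so the check does not depend on localized account names.
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($trustedSids -notcontains $sid) {
            New-Object PSObject -Property @{ Path = $Path; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

# Check the script and its folder: write access to either lets someone replace the script.
$findings = @(Get-UntrustedWriter $ScriptPath) + @(Get-UntrustedWriter (Split-Path -Parent $ScriptPath))
if ($findings.Count -gt 0) {
    $findings | Format-Table Path, Identity, Rights -AutoSize
    Write-Error "Refusing to register '$TaskName': the script or its folder is writable by non-administrators."
    exit 1
}

# Same trigger as in the steps above: RasClient event 20225 in the chosen log.
$query  = "*[System[Provider[@Name='RasClient'] and (EventID=20225)]]"
# \" preserves the quotes around the path when Windows PowerShell passes the string to schtasks.exe.
$action = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File \`"$ScriptPath\`""
& schtasks.exe /Create /TN $TaskName /SC ONEVENT /EC $Channel /MO $query /TR $action /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) { Write-Error "schtasks.exe failed with exit code $LASTEXITCODE"; exit $LASTEXITCODE }
```

Because the task uses `-ExecutionPolicy Bypass` and runs with the highest available privileges, the file ACL is the only control over what executes; re-run the check whenever the script is moved or its folder permissions change.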

Batch File Alternative

For environments where PowerShell isn't available:


@echo off
:check_vpn
ping -n 1 10.1.0.1 > nul
if errorlevel 1 (
    timeout /t 5 > nul
    goto check_vpn
)
route add 10.1.0.0 mask 255.255.0.0 172.16.3.0

For more complex scenarios, consider these enhancements:


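# Multiple route version
# Relies on the Add-VPNRoute function and $vpnName defined in VPNRouteAutomator.ps1 above.
$routes = @(
    @{Network="10.1.0.0"; Mask="255.255.0.0"; Gateway="172.16.3.0"},
    @{Network="192.168.1.0"; Mask="255.255.255.0"; Gateway="172.16.3.0"}
)

foreach ($route in $routes) {
    # The trailing backticks continue the command onto the next line.
    Add-VPNRoute -connectionName $vpnName `
                 -network $route.Network `
                 -mask $route.Mask `
                 -gw $route.Gateway
}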

Common issues and solutions:

  • Ensure the script runs with administrator privileges
  • Verify the VPN connection name matches exactly (case-sensitive)
  • Check for existing routes with route print before troubleshooting
  • Test connectivity with ping -t 10.1.0.1 during VPN connection