How to Maintain RDP Connection When Establishing PPTP VPN from Within Remote Desktop Session



When establishing a PPTP VPN connection from within a Remote Desktop session, the RDP connection immediately drops. This occurs because the VPN client modifies the routing table in a way that disrupts the existing RDP connection path. Let's break down the technical specifics observed in your scenario:

Local Network (10.1.1.0/24) → RDP to Win Vista Machine (10.1.1.132) → PPTP VPN to External (192.168.0.0/24)

The key insight comes from comparing the routing tables before and after VPN connection:

// Before VPN connection
0.0.0.0 0.0.0.0 10.1.1.254 10.1.1.132 20
10.1.1.0 255.255.255.0 On-link 10.1.1.132 276

// After VPN connection
192.168.0.0 255.255.255.0 192.168.0.254 192.168.0.234 267
remote-vpn-ip 255.255.255.255 10.1.1.254 10.1.1.132 21
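The following is an added example, not code from the original page. It models route selection over the two tables above (longest prefix first, then lowest metric) and reports whether the reply path to an RDP client changes once the VPN is up. The client addresses 10.1.1.50 and 10.2.0.7 and the `FULL_TUNNEL` row (the case where "Use default gateway on remote network" is checked) are constructed assumptions.

```python
import ipaddress

# Rows as printed by "route print": destination, netmask, gateway, interface, metric.
BEFORE = [
    ("0.0.0.0", "0.0.0.0", "10.1.1.254", "10.1.1.132", 20),
    ("10.1.1.0", "255.255.255.0", "On-link", "10.1.1.132", 276),
]
# Split-tunnel table from the article. The "remote-vpn-ip" host route is
# omitted because the article does not give that address.
AFTER = BEFORE + [
    ("192.168.0.0", "255.255.255.0", "192.168.0.254", "192.168.0.234", 267),
]
# Constructed row (assumption): default route a VPN adds when
# "Use default gateway on remote network" is checked; metric 11 is made up.
FULL_TUNNEL = AFTER + [("0.0.0.0", "0.0.0.0", "On-link", "192.168.0.234", 11)]


def select_route(table, dest):
    """Pick the row for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for row in table:
        net = ipaddress.ip_network(f"{row[0]}/{row[1]}")
        if addr not in net:
            continue
        rank = (net.prefixlen, -row[4])
        if best is None or rank > best[0]:
            best = (rank, row)
    return None if best is None else best[1]


def egress(table, dest):
    """Return (local interface address, gateway) used to reach dest."""
    row = select_route(table, dest)
    return None if row is None else (row[3], row[2])


def rdp_path_changes(before, after, client):
    """True if replies to the RDP client leave differently after the VPN is up."""
    return egress(before, client) != egress(after, client)


if __name__ == "__main__":
    # Constructed client addresses: same subnet, and one behind 10.1.1.254.
    for client in ("10.1.1.50", "10.2.0.7"):
        for name, table in (("split", AFTER), ("full", FULL_TUNNEL)):
            print(client, name, egress(table, client),
                  "CHANGED" if rdp_path_changes(BEFORE, table, client) else "same")
```

Run it against rows copied from your own `route print` output to see which row a reply to the RDP client actually matches before and after the VPN connects.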

To maintain RDP connectivity while VPN is active, we need to implement interface-specific routing. Here's how to configure it properly:

:: Batch script to set persistent routes
@echo off
REM Backup current routing table
route print > C:\route_backup.txt

REM Add persistent route for RDP traffic via primary NIC
REM (15 and 16 are example interface indexes; take yours from "route print")
route -p add 10.1.1.0 mask 255.255.255.0 10.1.1.254 metric 1 if 15

REM Add route for VPN traffic via secondary NIC
route -p add 192.168.0.0 mask 255.255.255.0 192.168.0.254 metric 2 if 16

REM Verify configuration
route print

For more precise control, use PowerShell to manage routes:

# Get interface indexes (15 and 16 below are examples; substitute your own)
$NICs = Get-NetAdapter | Select-Object -Property Name,InterfaceIndex,InterfaceDescription
$NICs | Format-Table -AutoSize

# Set interface-specific routing
New-NetRoute -InterfaceIndex 15 -DestinationPrefix "10.1.1.0/24" -NextHop "10.1.1.254" -PolicyStore ActiveStore
New-NetRoute -InterfaceIndex 16 -DestinationPrefix "192.168.0.0/24" -NextHop "192.168.0.254" -PolicyStore ActiveStore

# Set route metrics to prioritize local network
Set-NetIPInterface -InterfaceIndex 15 -InterfaceMetric 1
Set-NetIPInterface -InterfaceIndex 16 -InterfaceMetric 10

In your PPTP VPN connection properties, apply these settings:

  • Uncheck "Use default gateway on remote network"
  • Configure split tunneling (if supported)
  • Set proper authentication protocols (MS-CHAP v2 recommended)

When issues persist, these diagnostic commands help:

# Continuous ping test
ping -t 10.1.1.132

# Trace route analysis
tracert -d 10.1.1.132

# Network adapter diagnostics
netsh interface ipv4 show interfaces
netsh interface ipv4 show route

The disconnection occurs because the VPN client (Computer #2) modifies its routing table when establishing the PPTP connection. Although "Use default gateway on remote network" is unchecked, certain routing changes still affect the RDP session's connectivity.

Examining the routing tables reveals the critical changes:

Before VPN:
0.0.0.0/0 → 10.1.1.254 (Default route)

After VPN:
192.168.0.0/24 → 192.168.0.254 (VPN network route added)
remote-vpn-ip/32 → 10.1.1.254 (Host route to VPN server)

To properly implement the dual-NIC approach:

# Configure NIC priorities in Windows (PowerShell):
Set-NetIPInterface -InterfaceAlias "Ethernet 2" -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias "Ethernet" -InterfaceMetric 20

# Verify binding order:
Get-NetIPInterface | Sort-Object -Property InterfaceMetric

Create persistent routes to maintain RDP connectivity:

# Add persistent route for local subnet (run as Administrator):
route -p add 10.1.1.0 mask 255.255.255.0 10.1.1.254 if [interface_index]

# For VPN-specific routing:
route -p add [remote-vpn-ip] mask 255.255.255.255 10.1.1.254 if [interface_index]

Modify the VPN connection properties:

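# Registry value AssumeUDPEncapsulationContextOnSendRule (Windows Vista/7).
# Note: this value governs IPsec NAT traversal for L2TP/IPsec connections; it does not control PPTP route changes.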
reg add "HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent" /v "AssumeUDPEncapsulationContextOnSendRule" /t REG_DWORD /d 0x2 /f

Configure a proper split-tunnel setup:

# Example PowerShell script to modify VPN routes:
Add-VpnConnectionRoute -ConnectionName "YourVPN" -DestinationPrefix "192.168.0.0/24"
# Only succeeds if a 0.0.0.0/0 route was previously added to this connection
Remove-VpnConnectionRoute -ConnectionName "YourVPN" -DestinationPrefix "0.0.0.0/0"

Adjust the binding order programmatically:

# PowerShell script to lower the VPN interface's priority by giving it a high metric.
# A connected VPN shows up in Get-NetIPInterface under its connection name:
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -like "*VPN*" } |
    Set-NetIPInterface -InterfaceMetric 60000