What is "Disable class based route addition" good for?
With default gateway pointing into VPN
When you set up a VPN, the Windows default is to enable Use default gateway on remote network
. A new default route is added to the routing table pointing to the remote network's gateway, and the existing default route has its metric increased to force all Internet traffic to traverse the tunnel and use the remote network's gateway. All traffic uses the VPN, and traffic destined for the outside world is directed to the remote gateway. When the VPN drops, the route to the remote gateway is removed and the original default route is set back to the original metric.
Without default gateway pointing into VPN
Unchecking use default gateway on remote network
means that this new default route isn't added, so Internet traffic goes out the local gateway, but a new classful route is added to the routing table, using the local adapter's IP, pointing down the VPN. Only traffic destined for the classful network of the local adapter goes down the VPN. This may not be what you want. Checking Disable class based route addition
means that classful route isn't added to your machine when the VPN starts up, and you'll need to add the appropriate routes for networks that should be routed through the tunnel.
Further reading
Look up split tunneling for more on this topic.
class based route addition
comes into play when Use default gateway on remote network
is unticked.
What class based route addition means is that Windows will assume the size of the network at the other end based on the IP address received. There are ranges of IP addresses defined as being for networks of 256 addresses, and for 65536 addresses, and networks 256 times larger again... Not actually the way they are used, but a reasonable first pass assumption.
If turning on the VPN disables access to other parts of "your" network, then you have run into the problem this assumption causes... You could tick to disable the class route assumption, and add routes manually... (you would need specific knowledge of the remote end. The assumption is an effort to make it so you did not need in depth knowledge.)
Note that the 10.*
private range , common as used by Dlink modems,
is considered be an A class network, not ticking this option will mean your computer assumes ALL of 10.*
is accessible by this VPN. Seems wrong. One cure is to log into the modem and configure it to use a smaller network for the LAN...
e.g. 10.10.10.1/255.255.255.0
(10.10.10.0
to 10.10.10.255
)
In fact change the middle two to anything.. you can set it to 10.B.C.1 /255.255.255.0
where B and C is your choice, e.g. 10.200.201.1
...
192.168.X.Y addresses (used by most other modems/routers) are considered to be C class networks, which means that only the Y part there changes.. 256 addresses.
Therefore if you are setting up a private network you might like to use 10.X.Y.Z addresses everywhere, so that the PPtP can be set to "not default gateway" and still all fragments of the private network are accessible by VPN with no need for manual routes.
Dlink modem users would have to apply the fix to the LAN netmask, or add routes manually.
There is no such option in Windows 10, so you need to edit the phonebook file in %AppData%\Microsoft\Network\Connections\Pbk\rasphone.pbk
DisableClassBasedDefaultRoute=1