Routes don't download from RRAS/DHCP for split tunneling
On XP, it is possible to configure split tunnelling by disabling the "Use default gateway on remote network" setting. The routes that should be routed over the VPN can then be configured on a DHCP server which the RRAS server uses to pass to the VPN client. On Vista, this functionality appears to be broken. The Vista routing table does not get updated with the new routes passed from the DHCP server. Without the "Use default gateway on remote network" setting enabled, only the subnet of the VPN-assigned IP address is routed over the VPN. All other networks are routed through the Internet connection. Has anyone found a solution to this problem?
December 19th, 2007 5:11am

Hi, Thank you for the post. From the description I understand that the Windows Vista machines cannot receive the DHCP Classless Static Routes option (option number 249) information when they connect to the VPN Server. In this case, please install the hotfix 933340 and refer to the steps in the KB article 933340 (http://support.microsoft.com/?id=933340). To request the hotfix, please click the following link: https://support.microsoft.com/contactus2/emailcontact.aspx?scid=sw;en;1410&WS=hotfix Hope it helps. Sincerely, Joson Zhou Microsoft Online Community Support
December 20th, 2007 12:45pm
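To check what a DHCP server is actually handing to VPN clients, it helps to decode the Classless Static Routes option (249) mentioned in the reply above; it uses the same packed encoding as RFC 3442 option 121. The following is an added example, not part of the thread or any Microsoft tooling: the function names, the sample subnets and the gateway are constructed for illustration.

```python
import ipaddress

def encode_routes(routes):
    """Encode [(cidr, gateway), ...] as classless static route option data."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)
        significant = (net.prefixlen + 7) // 8      # only significant octets are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    return bytes(out)

def decode_routes(data):
    """Decode option data into [(IPv4Network, IPv4Address), ...]."""
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen} at offset {i}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4               # length byte + dest octets + gateway
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + significant] + bytes(4 - significant))
        net = ipaddress.IPv4Network((dest, prefixlen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[end - 4:end])))
        i = end
    return routes

def unexpected_routes(routes, allowed):
    """Return pushed routes that fall outside the networks meant for the tunnel."""
    allowed = [ipaddress.IPv4Network(a) for a in allowed]
    return [(net, gw) for net, gw in routes
            if not any(net.subnet_of(a) for a in allowed)]

# Constructed sample: two routes a split-tunnel client should receive.
SAMPLE = [("10.0.0.0/8", "192.168.50.1"), ("172.16.4.0/22", "192.168.50.1")]

if __name__ == "__main__":
    wire = encode_routes(SAMPLE)
    print(wire.hex())
    for net, gw in decode_routes(wire):
        print(f"{net} via {gw}")
    # A 0.0.0.0/0 entry would pull all traffic into the tunnel; flag it.
    pushed = decode_routes(wire + encode_routes([("0.0.0.0/0", "192.168.50.1")]))
    print(unexpected_routes(pushed, ["10.0.0.0/8", "172.16.0.0/12"]))
```

Comparing the decoded list with the client's routing table after the VPN connects shows whether the option was delivered but not applied, or never delivered at all.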

Hi, Joson! Applying the hotfix did not solve the problem. Also, SP1 does not solve the problem. Any suggestions?
May 29th, 2008 3:18am

Here is what I found to correct the split tunneling issue (I only tested this with a Microsoft RRAS server):
1) If the RRAS server is a Microsoft RRAS Server, it must be set up as both a router and RAS server
2) If the RRAS server is a Microsoft RRAS Server, it must be set up to allow broadcast name resolution
3) If the RRAS server is a Microsoft RRAS Server, it must be set up to use DHCP for address assignment
4) The RRAS server must have a DHCP relay agent installed and configured to point to a working DHCP server
5) There must be a working WINS server set up in the environment, and...
6) The DHCP server must give out the address of the working WINS server along with 0x8 as the node type
Interestingly, it looks like the RRAS server needs to be a Microsoft RRAS server for this to work. (Can you say antitrust lawsuit? I think Microsoft is already familiar with that concept.) It is important to note that Windows XP, Linux, and the Mac OS do not need all of these conditions to be met in order to work properly. Vista, along with its counterpart, Windows Server 2008, are the only two operating systems that require such an extravagant setup to work properly.
So, what do all of us do when we VPN into a site that is using exclusively DNS in their environment (i.e. no WINS)? Vista will corrupt its routing table when that environment uses a 10.x.x.x/24 network. What if the network administrator has eliminated the chance of a broadcast storm by disabling the broadcast name resolution capability, and has properly configured DNS to handle all of that? Once again, Vista will corrupt its routing table when that environment uses a 10.x.x.x/24 network. These are real world scenarios that were created by those network administrators who followed Microsoft's recommendations with Windows Server 2000 and 2003 for configuring an efficient network environment.
Now Microsoft has released a product that goes back to the old days when Windows 95 was new, and you needed WINS in your environment for everybody to be able to gain access to network resources across routers. Nice job, Microsoft! Sending all of us back to the days of the Dinosaur, so to speak... Is there EVER going to be a fix for this? (Or has Microsoft completely lost their understanding of modern networking?) Please, Microsoft, give us a fix for Vista's and Server 2008's VPN issues!
May 29th, 2008 3:01pm

This topic is archived. No further replies will be accepted.
