Dual network card VPN routing question
richardm
6th February 2008, 05:02 AM
My PC is set up with a VPN to an office. In order for some officey things to work, the VPN Client apparently needs to be set so that all network traffic is routed through the VPN gateway. Trouble is, this means that any internet activity becomes unbearably slow.
This PC has two NICs in it. Is it possible to set things up so that traffic destined for VPN via the office goes through one NIC and everything else goes through the other, not via the VPN?
I've had a google around looking at route tables, but it might as well be in Chinese for all the sense I can make out of it, so if it is possible then examples arranged as for an idiot would be nice.
I'm using XP Pro, by the way.
Thanks!
Blue Bubble
6th February 2008, 07:19 AM
Step 1: post the results from "netstat -r" from before you establish the VPN connection, and then again from after your VPN connection is in place.
I have a similar setup to yours. Adding/changing routes is very easy.
richardm
6th February 2008, 09:34 AM
(Eek, unreadable - hang on)
richardm
6th February 2008, 09:54 AM
Sounds promising, thanks!
Well, I can't find an easy way to format that output nicely in the forum editor, so I'm sorry about this but it's bitmap time:
Before the VPN Connection is made:
http://img.photobucket.com/albums/v507/richardm/BeforeVPN.jpg
After the VPN Connection is made:
http://img.photobucket.com/albums/v507/richardm/AfterVPN.jpg
Hope that's not too inconvenient...
Blue Bubble
7th February 2008, 02:15 AM
OK, note the differences. In particular, your VPN connection has changed the metric (think of this as the "cost" of the route: the lower the "cost", the more likely this route is to be chosen for a particular network) for the default gateway. In your case, it's changed the metric for your 2 interfaces to 25, and created a different default gateway through the pseudo-interface at 191.100.121.198 (this is like a new network adaptor in your system).
You need to change these metrics to make all non-VPN traffic go back through your real interfaces:
route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
route change 0.0.0.0 mask 0.0.0.0 191.100.121.193 metric 25
Since it appears to have flipped the metrics for all your other explicit routes, you might need to fiddle around with these as well, but you get the gist. Probably a little bit of experimentation might be necessary.
You can check with a "tracert" to see which route has been chosen for a particular IP address, e.g. tracert forums.randi.org (now why did I choose that as an example ;)).
richardm
7th February 2008, 11:06 AM
Thanks! Well, I'll persist with experimenting but so far it's a bit discouraging. The two changes you suggested didn't make any difference, so as per your suggestion I tried flipping all the ones I was allowed to (some of them wouldn't let me change them, giving me an error instead). This is what I ended up with:
http://img.photobucket.com/albums/v507/richardm/VPNRerouted.jpg
- after all that it was still no go, with no access to either internet or VPN.
Is it possible that the VPN software is actively preventing me from making the necessary changes?
richardm
20th February 2008, 08:50 AM
It turns out that the VPN in question encrypts all network traffic when it's in that configuration, so it totally screws everything else. So it's no-go. Thanks anyway!
ElMondoHummus
20th February 2008, 11:45 AM
Wait a minute. Does this help any?
http://stevenharman.net/blog/archive/2007/01/26/VPN_Connections_and_Default_Gateways.aspx
Yes, unchecking that setting means you'll still have to manipulate the routing tables some. But the point is that not all traffic has to go through the "encryption tunnel", so when you uncheck that, you can separate out the traffic.
At least I think that's what that link is getting at. I do want to stare at that info s'more, as well as get advice from greater networking brains than I regarding this.
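The route-selection rule behind the metric changes and the split setup discussed in this thread, as an added example that is not part of any post: a Python model in which the longest matching prefix wins and the metric only breaks ties between equally specific routes. The office subnet 10.20.0.0/16, the `vpn-gateway` placeholder and the test destinations are constructed assumptions; only 192.168.1.1 comes from the thread.

```python
import ipaddress

LAN_GW = "192.168.1.1"        # home router, as in the thread's route commands
VPN_GW = "vpn-gateway"        # placeholder for the VPN pseudo-interface gateway
OFFICE_NET = "10.20.0.0/16"   # constructed office subnet (assumption)

def route(net, gateway, metric):
    return {"net": ipaddress.ip_network(net), "gateway": gateway, "metric": metric}

def gateway_for(table, dest):
    """Pick the route for dest: longest matching prefix wins, metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None  # no route to host
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["gateway"]

# 1. VPN up, all traffic forced through it: the VPN default route has the lower metric.
FULL_TUNNEL = [
    route("0.0.0.0/0", VPN_GW, 1),
    route("0.0.0.0/0", LAN_GW, 25),
    route("192.168.1.0/24", "on-link", 25),
]
# 2. Only the default-route metrics swapped: internet goes out the LAN,
#    but office addresses follow the LAN default too and never reach the VPN.
METRICS_SWAPPED = [
    route("0.0.0.0/0", LAN_GW, 1),
    route("0.0.0.0/0", VPN_GW, 25),
    route("192.168.1.0/24", "on-link", 25),
]
# 3. Split setup: LAN default plus an explicit, more specific route for the office.
SPLIT = [
    route("0.0.0.0/0", LAN_GW, 1),
    route(OFFICE_NET, VPN_GW, 1),
    route("192.168.1.0/24", "on-link", 25),
]

if __name__ == "__main__":
    tables = {"full tunnel": FULL_TUNNEL, "metrics swapped": METRICS_SWAPPED, "split": SPLIT}
    for name, table in tables.items():
        for dest in ("203.0.113.10", "10.20.5.9", "192.168.1.50"):
            print(f"{name:16} {dest:14} -> {gateway_for(table, dest)}")
```

This models the routing table only; a VPN client that enforces the tunnel itself, as reported earlier in the thread, is not affected by route changes like these.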