ipconfig /allcompartments

A short post on the MCT newsgroup led me on a bit of a search tonight … what is a compartment? Vague memories of reading about this when Vista and Server 2008 was released sent me searching the Net. The Windows 2008 Reviewers Guide has a good paragraph (on page 102):

“Routing Compartments

To prevent unwanted forwarding of traffic between interfaces for VPN configurations, the Next-Generation TCP/IP stack supports routing compartments. A routing compartment is the combination of a set of interfaces with a login session that has its own IP routing tables. A computer can have multiple routing compartments that are isolated from each other. Each interface can only belong to a single compartment.

For example, when a user initiates a VPN connection across the Internet with the TCP/IP implementation in Windows XP, the user’s computer has partial connectivity to both the Internet and a private intranet by manipulating entries in the IPv4 routing table. In some situations, it is possible for traffic from the Internet to be forwarded across the VPN connection to the private intranet. For VPN clients that support routing compartments, the Next-Generation TCP/IP stack isolates the Internet connectivity from the private intranet connectivity with separate IP routing tables.”

So, another tool to use when troubleshooting VPN connections, in Vista and above, the command ipconfig /allcompartments /all will show the details of the different routes packets can take to their destination. Great security feature, preventing rogue traffic from your Internet connection possibly getting inside your Corporate LAN.

targets down, patch out.

Wayne