Split tunneling
-
- Posts: 8
- Joined: Sun May 19, 2019 7:16 am
Split tunneling
Hi, I have set up an SE server so 2 client Win10 PCs can see each other in a Hub and one can connect to the other via RDP. My setup includes Secure NAT and DHCP active with only 2 IP addresses (192.168.30.10 and 11 available) with no default gateway being pushed to the clients when they connect. On the client PCs I am also using the Win10 built-in L2TP with IPsec VPN client... THE PROBLEM I am having is that when the clients establish the VPN tunnel they lose the Internet... As I understand it, I have to push a static route to the clients to achieve split tunneling... Given my setup, what would be the route to push? Thanks in advance for your help.
-
- Posts: 1679
- Joined: Sun Feb 14, 2021 10:31 am
Re: Split tunneling
Your SNAT configuration is correct for split tunneling and there is no need to push any routes. An SE client works fine with the config. Can you post the output of "netstat -r" from your L2TP/IPsec client after VPN connection?
-
- Posts: 8
- Joined: Sun May 19, 2019 7:16 am
Re: Split tunneling
Hi. Thanks for your help.
The connection is only established, I see, if the "Use remote DG" is clicked, and since the server has no DG to assign (see previous SE setup Virtual NAT screens) I cannot access the internet on the client PC... The problem is that my users cannot install the SE client app and must use the Windows L2TP connection... Please see the attached screens including:
-
- Posts: 1679
- Joined: Sun Feb 14, 2021 10:31 am
Re: Split tunneling
Try this:
- uncheck the "Automatic metric" on the adapter
- set metric above 4265, eg 5000
-
- Posts: 1679
- Joined: Sun Feb 14, 2021 10:31 am
Re: Split tunneling
It'd be worth exploring why a connection can not be established when "Use default gateway on remote network" is unchecked.
Can you post the output of "netstat -r" from your L2TP/IPsec client after attempting a VPN connection, when...
- "Use default gateway on remote network" is OFF
- "Disable class based route addition" is OFF
- "Automatic metric" is ON
...and also try to ping 192.168.30.1
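A way to read the `netstat -r` output requested above, as an added example that is not part of the thread: it parses the Windows IPv4 route table and reports whether the lowest-metric default route leaves through the VPN adapter (full tunnel) or only more specific routes do (split tunnel). The route table is constructed; only 192.168.30.10 is taken from the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed "netstat -r" IPv4 table; only 192.168.30.10 comes from the thread.
SAMPLE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0          On-link    192.168.30.10  {m}
     192.168.30.0    255.255.255.0          On-link    192.168.30.10  {m}
        224.0.0.0        240.0.0.0          On-link    192.168.30.10  {m}
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        p = line.split()
        if len(p) != 5 or not p[4].isdigit():
            continue  # headers, separators, persistent and IPv6 rows
        try:
            plen = bin(int(ipaddress.IPv4Address(p[1]))).count("1")
            net = ipaddress.IPv4Network(f"{p[0]}/{plen}", strict=False)
            iface = ipaddress.IPv4Address(p[3])
        except ValueError:
            continue
        routes.append((net, p[2], iface, int(p[4])))
    return routes

def tunnel_mode(text, vpn_ip):
    """'full' if the lowest-metric default route uses the VPN interface,
    'split' if only more specific routes do, 'down' if no route uses it."""
    vpn = ipaddress.IPv4Address(vpn_ip)
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if defaults and min(defaults, key=lambda r: r[3])[2] == vpn:
        return "full"
    # Ignore the host, broadcast and multicast rows Windows adds per interface.
    if any(r[2] == vpn and 0 < r[0].prefixlen < 32 and not r[0].is_multicast
           for r in routes):
        return "split"
    return "down"

if __name__ == "__main__":
    for metric in (11, 5000):  # low metric vs. the manual metric suggested above
        print(metric, tunnel_mode(SAMPLE.format(m=metric), "192.168.30.10"))
```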
-
- Posts: 8
- Joined: Sun May 19, 2019 7:16 am
Re: Split tunneling
Hi. Thanks for your help.
1) I was able to connect OK with split tunneling when:
- "Use default gateway on remote network" is OFF
- "Disable class based route addition" is OFF
- "Automatic metric" is ON
and I am able to ping 192.168.30.1 OK.
2) Attached is the netstat output when the above connection is ON.
Please see attached files