Split tunneling
Posted: Tue Feb 08, 2022 12:46 pm
by ralvesson
Hi, I have set up an SE server so 2 client Win10 PCs can see each other in a Hub and one can connect to the other via RDP. My setup includes secure NAT and DHCP active with only 2 IP addresses (192.168.30.10 and 11 available), with no default gateway being pushed to the clients when they connect. On the client PCs I am also using the Win10 built-in VPN client with L2TP and IPsec. THE PROBLEM I am having is that when the clients establish the VPN tunnel they lose the Internet. As I understand it, I have to push a static route to the clients to achieve split tunneling. Given my setup, what would be the route to push? Thanks in advance for your help.
CaptureHUB configuration.PNG
Capture route to push.PNG
Re: Split tunneling
Posted: Tue Feb 08, 2022 11:24 pm
by solo
Your SNAT configuration is correct for split tunneling and there is no need to push any routes. An SE client works fine with the config. Can you post the output of "netstat -r" from your L2TP/IPsec client after VPN connection?
Re: Split tunneling
Posted: Wed Feb 09, 2022 8:23 pm
by ralvesson
Hi. Thanks for your help.
The connection is only established, I see, if the "Use remote DG" is clicked, and since the server has no DG to assign (see previous SE setup Virtual NAT screens) I cannot access the internet on the client PC. The problem is that my users cannot install the SE client app and must use the Windows L2TP connection. Please see the attached screens, including:
Capture using remote DG is only way it connects to vpn.PNG
Capture netstat .PNG
Re: Split tunneling
Posted: Wed Feb 09, 2022 11:34 pm
by solo
Try this:
- uncheck the "Automatic metric" on the adapter
- set metric above 4265, eg 5000
Re: Split tunneling
Posted: Thu Feb 10, 2022 2:04 am
by solo
It'd be worth exploring why a connection can not be established when "Use default gateway on remote network" is unchecked.
Can you post the output of "netstat -r" from your L2TP/IPsec client after attempting a VPN connection, when...
- "Use default gateway on remote network" is OFF
- "Disable class based route addition" is OFF
- "Automatic metric" is ON
...and also try to ping 192.168.30.1
Re: Split tunneling
Posted: Thu Feb 10, 2022 12:04 pm
by ralvesson
Hi. Thanks for your help.
1) I was able to connect OK with split tunneling when:
- "Use default gateway on remote network" is OFF
- "Disable class based route addition" is OFF
- "Automatic metric" is ON
and I am able to ping 192.168.30.1 OK.
2) Attached is the netstat when the above connection is ON.
Please see attached files
nestat -r with Use default gateway OFF and class based route addition is OFF and Automatic metric is ON .PNG
Connection stablished Ok with split tunneling when these conditions applied.PNG
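
The "netstat -r" check requested in the thread, as an added example that is not part of any post: a small Python parser that reads the IPv4 rows of Windows `netstat -r` output and reports whether Internet traffic and the hub address 192.168.30.1 leave through the VPN interface. The two route tables are constructed samples, and the LAN adapter address 192.168.1.50, its gateway 192.168.1.1, the probe address 203.0.113.10 and all metrics except the 4265 mentioned above are assumptions.

```python
import ipaddress

# Constructed `netstat -r` IPv4 rows (not taken from the thread's screenshots).
# LAN adapter 192.168.1.50 and its gateway are assumed; 192.168.30.10 is the VPN address.
FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50   4265
          0.0.0.0          0.0.0.0          On-link    192.168.30.10     26
    192.168.30.10  255.255.255.255          On-link    192.168.30.10    281
"""
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
     192.168.30.0    255.255.255.0          On-link    192.168.30.10     26
    192.168.30.10  255.255.255.255          On-link    192.168.30.10    281
"""

def parse_routes(text):
    """Return the route rows of Windows `netstat -r` IPv4 output as dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or any other non-route line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append({"net": net, "gw": f[2], "iface": f[3], "metric": int(f[4])})
    return routes

def best_route(routes, dest):
    """Longest-prefix match; equal prefixes are decided by the lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def classify(routes, vpn_ip, internet_probe="203.0.113.10", hub_probe="192.168.30.1"):
    """Report which destinations are routed out of the VPN interface."""
    out, hub = best_route(routes, internet_probe), best_route(routes, hub_probe)
    return {"internet_via_vpn": bool(out) and out["iface"] == vpn_ip,
            "hub_via_vpn": bool(hub) and hub["iface"] == vpn_ip}

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, classify(parse_routes(table), "192.168.30.10"))
```

With split tunneling working, `internet_via_vpn` is false and `hub_via_vpn` is true; if both are true, the default route through the VPN adapter is winning on metric.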