VPN IPSec Site2Site without split tunnel
VPN IPSec Site2Site without split tunnel
Hello,
I just got my new ER605 connected through ipsec to another vpn site. Everythings works great except I cant figure out how to route ALL traffic throught the vpn tunnel.
My wish is: destination 0.0.0.0/0 uses VPN Tunnel
So i want to disable the split tunneling. How can I achieve that?
TIA
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@th1950 Not taking away from the fact that they should consider this option to fix/add the feature, could you not achieve the same effect now while you wait via a work around something like:
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@th1950 The two subnet rules I gave you are essentially equivalent to the 0.0.0.0/0 route.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 Indeed this is a very nice approach!! This is real networking!
But now I have this problem:
But then I have to calculate like hell for my local subnet. So it seems like another fix TPLINK should adress. My connected /24 local subnet should always take precedence over a /1 /2 whatever netmask. Just to inform you, I could do this for one single ER605 Router, but I need more than 120 routers to configure. :) But thank you, it just shows its possible and it should be possible for TPLINK to address this issue. I can think of why TPLINK has made this decision, maybe because of the CLoud management connection. They could except somehow traffic destined for their tplink cloud to go over the WAN connection and everybody would be just happy. Im confident TPLINK is serving their customers the best way and hope for a solution.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Haha ye! Everybody would be just happy. I openend a ticket at TPLINK support. Ill keep this thread updated. Hoping for R&D Team to recognize this and implementation in a near future firmware release. Thank you all very much for your ideas and help.
- Copy Link
- Report Inappropriate Content
by default settings, won't do that. and I don't think it is supposed to do that. if you achieve this, this is more than a thing about the tplink. you need to specify the gateway and create routing tables on the hq central site as well.
at least what I learned about vpn, I checked huawei business solutions for a similar setup or user guide for what you described. amazon vpn as well.
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html
what I see is static routing on amazon's or huawei's docs.
however, you need to take priority into consideration. as far as I know, tplink router will have priority in nat related settings. policy, port forward, static route or vpn route, they have a priority.
instead of tweaking remote subnets, you need to focus on the route tables.
even you set a static routing, does it affect the existed vpn routing. that's a question.
i don't think you set the remote subnet would fix it.
and if you set 1.0.0.0/1, what's the point in the 3rd rule?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2501
Replies: 17
Voters 0
No one has voted for it yet.