Split Tunneling for L2TP VPN Client?
Hello! I am looking for a way for split tunneling in my L2TP VPN client. It is very obvious that when a client connects to the ER605 server, all traffic goes into the tunnel. I only want to limit the tunnel to the LAN of the ER605.
Any suggestions please?
Thanks.
Hi @firefox111
Thanks for posting in our business forum.
What to do if you cannot access the remote network through Client-to-LAN/Site VPN tunnel
In Step 4, it is enabled by default. Windows enables it. So, you uncheck this one and it does not work in full tunnel work.
The client I am referring to is an iPad with iOS 17.1.2. I guess I need to research more on how to do the workaround on an iOS device.
Update: in the L2TP setting in my iPad, I turned off the "Send all traffic". That theoretically enables split tunneling. However, I can no longer connect to the LAN of the VPN server! If I turn it back on, I can connect and manage the LAN but it sends all traffic to the remote. Why? I guess this is an Apple iOS question. Any Apple iPad users here in this community?
I think with my LAN and remote IP configuration (Class C), I will not be able to split tunnel! According to this article (https://www.tp-link.com/us/support/faq/3045/), I need to configure both LAN and remote IPs with Class A or Class B, and the VPN IP Pool as well! Why?
If you need split, why not use a technology that can split? I recommend you look at OpenVPN or WireGuard; both of these are very easy to split, and both are also modern solutions that are taking over more and more from L2TP and PPTP.
WireGuard is also very fast if you want to try it.
So give it a try :-)
Well, it turns out that I will NOT be able to use OVPN in my current situation. OpenVPN requires a Server IP Address not FQDN with DDNS. Unfortunately, I have to use Dynamic DNS for both my locations.
If I have not misunderstood something, it was an iPad you had. When you have exported the OVPN file, you change the server address to an FQDN address before you import the config into the OpenVPN client on your iPad.
A config example; change what is marked in red before importing the file:
client
dev tun
proto udp
remote my.dynamicip.net 1196
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-2GB_fc315512-71cb-4bc1-ac82-3abdd8d10fa5 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
I see what you mean - change the IP address to an FQDN in the .ovpn file before importing it to the client. BUT the ER605 OpenVPN configuration does NOT offer Split tunnel. I imported the certificate anyway and tested it on my iPad. With my iPad connected to my iPhone's Hot Spot, I connected the iPad to the ER605 OpenVPN server. When I did a traceroute to an Internet URL the route still went in the ER605's gateway. NOT to the iPhone's Internet connection! What the....
BTW, looks like your example was not generated from an ER605!
I have a TP-Link Archer AX73 WiFi 6 router and the OpenVPN server config in this router offers the option to only tunnel Local Network! But this is not offered in the ER605. The ER605 however does not offer such option. That is why we can never achieve Split Tunneling with the ER605!
Picture below is the server config from my TP-Link Archer AX73 WiFi 6 router!
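Added example, not part of any post in this thread and not TP-Link's or OpenVPN's own code: a small Python model of why the traceroute above still went through the tunnel, and how client-side `pull-filter ignore` lines in the .ovpn profile change the result. It assumes the server pushes `redirect-gateway def1` and that the client honours `pull-filter` (OpenVPN 2.4 and later do); the pushed options and the 192.168.0.0/24 LAN are constructed sample values.

```python
import ipaddress

# Constructed sample: options a full-tunnel server is assumed to push.
PUSHED = ["redirect-gateway def1",
          "route 192.168.0.0 255.255.255.0",
          "dhcp-option DNS 192.168.0.1"]

# Constructed client profiles; the remote line reuses the hostname from the thread.
FULL = "client\ndev tun\nproto udp\nremote my.dynamicip.net 1196\n"
SPLIT = FULL + ('pull-filter ignore "redirect-gateway"\n'
                "route 192.168.0.0 255.255.255.0\n")

def client_filters(profile):
    """Return (action, prefix) pairs from the profile's pull-filter lines."""
    filters = []
    for line in profile.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "pull-filter":
            filters.append((parts[1], parts[2].strip().strip('"')))
    return filters

def accepted(pushed, filters):
    """Apply filters in order; the first prefix match decides, default is accept."""
    kept = []
    for opt in pushed:
        action = next((a for a, p in filters if opt.startswith(p)), "accept")
        if action == "accept":  # "ignore" (and "reject") drop the pushed option
            kept.append(opt)
    return kept

def tunnel_routes(profile, pushed):
    """Networks routed into the tunnel: surviving pushed options plus local ones."""
    opts = accepted(pushed, client_filters(profile))
    opts += [l.strip() for l in profile.splitlines()
             if l.strip().startswith(("route ", "redirect-gateway"))]
    nets = []
    for opt in opts:
        f = opt.split()
        if f[0] == "redirect-gateway":
            # def1 adds 0.0.0.0/1 and 128.0.0.0/1, which together cover everything
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif f[0] == "route":
            mask = f[2] if len(f) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{f[1]}/{mask}"))
    return nets

def via_tunnel(dest, nets):
    """True if any tunnel route covers dest; otherwise the local default route is used."""
    return any(ipaddress.ip_address(dest) in n for n in nets)
```

With the `FULL` profile an Internet address such as 8.8.8.8 is covered by the pushed default route; with `SPLIT` only the 192.168.0.0/24 LAN is.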
For the first, update your software on all your systems to the latest.
Then create an OpenVPN server with split, easy as that.
You are really confusing me. You must not have the ER605 that I am referring to in my posts. Yes, I have the latest firmware of my ER605. Your screen is totally different from mine! BTW I appreciate that you suggested OpenVPN. I am now using OpenVPN instead of the L2TP - which is very slow, IMHO.
This is my OpenVPN configuration screen of my ER605 V2 with firmware version 2.2.2 Build 20231017 Rel.68869: