Split Tunneling for L2TP VPN Client?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-12-09 16:08:23

Hello! I am looking for a way for split tunneling in my L2TP VPN client.  It is very obvious that when a client connects to the ER605 server, all traffic goes into the tunnel.  I only want to limit the tunnel to the LAN of the ER605.

 

Any suggestions please?

 

Thanks.

#1
Re:Split Tunneling for L2TP VPN Client?
2023-12-11 02:20:50

Hi @firefox111 

Thanks for posting in our business forum.

What to do if you cannot access the remote network through Client-to-LAN/Site VPN tunnel

In Step 4, it is enabled by default. Windows enables it. So, you uncheck this one and it does not work in full tunnel work.

Best Regards!
#3
Re:Split Tunneling for L2TP VPN Client?
2023-12-11 04:01:02 - last edited 2023-12-11 04:35:33

  @Clive_A 

The client I am referring to is an iPad with iOS 17.1.2.  I guess I need to research more on how to do the workaround on an iOS device.

 

Update: in the L2TP setting on my iPad, I turned off the "Send all traffic" option. That theoretically enables split tunneling. However, I can no longer connect to the LAN of the VPN server! If I turn it back on, I can connect and manage the LAN but it sends all traffic to the remote. Why? I guess this is an Apple iOS question. Any Apple iPad users here in this community?

#4
Re:Split Tunneling for L2TP VPN Client?
2023-12-14 02:20:32

I think with my LAN and remote IP configuration (Class C), I will not be able to split tunnel! According to this article (https://www.tp-link.com/us/support/faq/3045/), I need to configure both LAN and remote IPs with Class A or Class B, and the VPN IP Pool as well!  Why?

#5
Re:Split Tunneling for L2TP VPN Client?
2023-12-14 06:36:10

  @firefox111 

 

If you need split, why not use a technology that can split? I recommend you look at OpenVPN or WireGuard. Both of these are very easy to split, and both are also modern solutions that are taking over more and more from L2TP and PPTP.

 

WireGuard is also very fast if you want to try it.

 

So give it a try :-)

 

#6
Re:Split Tunneling for L2TP VPN Client?
2023-12-15 15:18:21
I thought L2TP is more secure than OpenVPN. I am not familiar with WireGuard! I will try to set up OpenVPN. I have OpenVPN running on my Raspberry Pi. What I really want is a LAN-to-LAN between two locations that can fully communicate to and from devices in both locations.
#7
Re:Split Tunneling for L2TP VPN Client?
2023-12-15 17:57:08

  @MR.S 

Well, it turns out that I will NOT be able to use OVPN in my current situation.  OpenVPN requires a Server IP Address not FQDN with DDNS. Unfortunately, I have to use Dynamic DNS for both my locations.

#8
Re:Split Tunneling for L2TP VPN Client?
2023-12-15 18:08:51

  @firefox111 

 

If I have not misunderstood something, it was an iPad you had. When you have exported the OVPN file, you change the server address to an FQDN address before you import the config into the OpenVPN client on your iPad.

 

A config example; change what is marked in red before importing the file:

 

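client
dev tun
proto udp
# Server address and port: put your DDNS hostname (FQDN) here in place of the exported IP
remote my.dynamicip.net 1196
resolv-retry infinite
nobind
# Require a server-type certificate whose name matches the one given below
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-2GB_fc315512-71cb-4bc1-ac82-3abdd8d10fa5 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3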
 

#9
Re:Split Tunneling for L2TP VPN Client?
2023-12-16 05:29:15 - last edited 2023-12-16 05:46:42

  @MR.S 

I see what you mean - change the IP address to an FQDN in the .ovpn file before importing it to the client.  BUT the ER605 OpenVPN configuration does NOT offer Split tunnel. I imported the certificate anyway and tested it on my iPad.  With my iPad connected to my iPhone's Hot Spot, I connected the iPad to the ER605 OpenVPN server. When I did a traceroute to an Internet URL the route still went in the ER605's gateway.  NOT to the iPhone's Internet connection!  What the....

 

BTW, looks like your example was not generated from an ER605!


I have a TP-Link Archer AX73 WiFi 6 router and the OpenVPN server config in this router offers the option to only tunnel Local Network! But this is not offered in the ER605. The ER605 however does not offer such an option.  That is why we can never achieve Split Tunneling with the ER605!


Picture below is the server config from my TP-Link Archer AX73 WiFi 6 router!

#10
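
Added example, not part of any post in this thread and not TP-Link or OpenVPN project code: a Python check to run on an .ovpn profile before importing it, reporting whether the profile itself asks for full or split routing and whether each `remote` is a hostname or an IP literal. The sample profile and the 192.168.0.0/24 LAN are constructed; `redirect-gateway`, `route-nopull`, `route` and `pull-filter` are OpenVPN 2.x client directives, and whether a given client app or the ER605 honours them is an assumption the thread does not settle.

```python
import ipaddress
import shlex

# Constructed sample (not exported from an ER605): directives from the thread's
# example plus two client-side routing lines for an assumed 192.168.0.0/24 LAN.
SAMPLE_PROFILE = """client
dev tun
proto udp
remote my.dynamicip.net 1196
route-nopull
route 192.168.0.0 255.255.255.0
"""

def parse_directives(text):
    """Return [(name, args)], skipping comments and inline <ca>-style blocks."""
    out, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = shlex.split(line)
            out.append((name, args))
    return out

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_profile(text):
    """Classify the routing a profile asks for and list its remote endpoints."""
    directives = parse_directives(text)
    names = {n for n, _ in directives}
    ignores_push = "route-nopull" in names or any(
        n == "pull-filter" and a[:1] == ["ignore"] and a[1:] and a[1].startswith("redirect-gateway")
        for n, a in directives)
    # full: profile sets the default route; split: pushed default route ignored; else the server decides
    mode = "full" if "redirect-gateway" in names else "split" if ignores_push else "server-decides"
    routes = [str(ipaddress.ip_network("/".join(a[:2]), strict=False))
              for n, a in directives if n == "route" and a and all(is_ip_literal(x) for x in a[:2])]
    remotes = {a[0]: "ip" if is_ip_literal(a[0]) else "hostname"
               for n, a in directives if n == "remote" and a}
    return {"mode": mode, "routes": routes, "remotes": remotes}
```

A result of "server-decides" means the profile leaves routing to whatever the server pushes, so a traceroute after connecting is still the way to confirm where Internet traffic actually goes.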
Re:Split Tunneling for L2TP VPN Client?
2023-12-16 07:53:09

  @firefox111 

 

First, update the software on all your systems to the latest.

 

Then create an OpenVPN server with split, easy as that :-)

 

#11
Re:Split Tunneling for L2TP VPN Client?
2023-12-16 19:00:27

  @MR.S 

You are really confusing me.  You must not have the ER605 that I am referring to in my posts.  Yes, I have the latest firmware of my ER605.  Your screen is totally different from mine!  BTW I appreciate that you suggested OpenVPN.  I am now using OpenVPN instead of the L2TP - which is very slow, IMHO.

 

This is my OpenVPN configuration screen of my ER605 V2 with firmware version 2.2.2 Build 20231017 Rel.68869:

 

#12