Split tunnel VPN doesn't seem to work (SecuExtender and USG Flex Firewall)

Rimfire
Rimfire Posts: 16  Freshman Member
First Comment Second Anniversary
The customer has Cloud Authentication Setup using default settings (Remote access VPN)) available for the USG FLEX 200 FW. Some 20 SecuExtender licenses. They do use MFA (Google Authenticator).

The split tunnel doesn't work imo. What ever I do to the SecuExtender Client the laptop will always result having the public IP of the
USG FLEX 200 Firewall, not the local Internets public IP (what is my ip test via browser). All Win 10 laptops, no Win7/Win11 at all.

Further more, the tunnel doesn't stay up! Very problematic and the client is going away if we can't fix this.

Any ideas?

Accepted Solution

  • Rimfire
    Rimfire Posts: 16  Freshman Member
    First Comment Second Anniversary
    Answer ✓
    The ZyXEL's Second Level Support provided a new conf file for the SecuExtender Client and now the split tunnel function is working.

All Replies

  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Remote access VPN is "Client to Site" VPN tunnel.
    The VPn tunnel will offer VPN IP address after client after building VPN tunnel.
    So VPN client traffic will fully transmit to VPN gateway. It is doesn't support split tunnel.

    If you would like to split Internet and VPN traffic, you can consider create "Non-Nebila VPN peers" in Site to Site VPN tunnel.

  • Rimfire
    Rimfire Posts: 16  Freshman Member
    First Comment Second Anniversary
    "..create Non-Nebila VPN peers" in Site to Site VPN tunnel." What does this mean in practice? Can you plese provide additional details?

    Further more. Do you have better answer to my question regarding keeping VPN tunnel open. ZyXEL first level support suggested to ping GW's LAN address through VPN tunnel but the customer reports it doesn't help. 
  • Rimfire
    Rimfire Posts: 16  Freshman Member
    First Comment Second Anniversary
    Answer ✓
    The ZyXEL's Second Level Support provided a new conf file for the SecuExtender Client and now the split tunnel function is working.

Nebula Tips & Tricks