Does IKEv2 support for split tunnel?
QUESTION
In my scenario, the clients establishes IKEv2 VPN tunnel to device for reaching internal servers.
But in the same time, all of clinet's traffic will pass through to VPN tunnel.
How to separate client’s Internet from VPN tunnel?(Internet traffic will not pass through to VPN tunnel)
ANSWER
In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.
The only way to fulfillit is to create an additional routing on your PC. .
Disable PC default gateway from your VPN interface:
a. Navigate to Control Panel > Network and Sharing Center > Change Adapter Settings
b, Right click on the VPN connection, then choose Properties
c. Select the Networking tab
d. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties
e. Click Advanced
f. Deselect the box for "Use default gateway on remote network"
g. Click OK to apply the changes to the interface
After these steps, all of your PC traffic will pass through to the Internet. So you need to add an additional routing for your VPN traffic.
Create additional routing for your VPN traffic
C:\Windows\system32>route.Add 192.168.1.0 mask 255.255.255.0 100.100.100.1
After you complete the steps above, Windows client is able to connect to the Internet and VPN subnet.
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight