Does IKEv2 support for split tunnel?
Zyxel Employee
QUESTION
In my scenario, the clients establishes IKEv2 VPN tunnel to device for reaching internal servers.
But in the same time, all of clinet's traffic will pass through to VPN tunnel.
How to separate client’s Internet from VPN tunnel?(Internet traffic will not pass through to VPN tunnel)
ANSWER
In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.
The only way to fulfillit is to create an additional routing on your PC. .
Disable PC default gateway from your VPN interface:
a. Navigate to Control Panel > Network and Sharing Center > Change Adapter Settings
b, Right click on the VPN connection, then choose Properties
c. Select the Networking tab
d. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties
e. Click Advanced
f. Deselect the box for "Use default gateway on remote network"
g. Click OK to apply the changes to the interface
After these steps, all of your PC traffic will pass through to the Internet. So you need to add an additional routing for your VPN traffic.
Create additional routing for your VPN traffic
C:\Windows\system32>route.Add 192.168.1.0 mask 255.255.255.0 100.100.100.1
After you complete the steps above, Windows client is able to connect to the Internet and VPN subnet.
Categories
- All Categories
- 392 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight