Thanks for the suggestion but unfortunately no PING. Since I am able to ping 172.30.2.1 (but not 172.30.2.2), could it be something related to firewall or routing?

Finally fixed it. Use Radius for authentication. When I checked the Radius server settings. I noticed that I made a config mistake I set the Services Offered to "authentication". When I changed it to "authentication and accounting". Everything started working as it supposed to.

@jimp Ok, thank you for the response. That does make sense to me as well but I wanted to check just in case. Thanks!

@jimp ive had an idea which i just tried. i made a subdomain for each phase 2 entry (4 in sum), so i connected 1 ipsec (phase 1) with the IP and added another 3 with different subdomains to the same ip and with the different phase 2 entrys. Seems to work. Looks pretty ugly but at least it works on 2.5.2. ugly ipsec

Do you have Hardware crypto enabled?

I think I've maybe found the issue. I think his home ISP is blocking something. If he creates a wifi hotspot on his smartphone, his Window PC can then connect to our VPN!

@billyhart01 said in IPSec split tunneling: What am I doing wrong? If you tell us, what you did, maybe someone can answer this question.

@dylanw Hi, did you find a solution for this? Because even with the new 2.6.0 beta I experience the same issue. Still staying on 2.5.1 for that reason. Thanks

Just ran into this ourselves...on this router back in late September I stopped pcscd but I didn't bother installing the patch since 21.09 was presumably imminent. Fast forward a few months and we're setting up IPSec, with pcscd long stopped. Diag/activity showed 88% idle at the top, yet had the lines for charon and syslogd and the idle/CPU entries were only a few percent. Starting pcscd dropped CPU use to normal. Patch + stop IPSec + stop pcscd + start IPSec fixed it.

Hello and thank you for your answer, let me rephrase what i meant to say: i have an older draytek 2920 router that i would like to use as a site to site router based on ipsec in my home i have a pfsense box that already has a few openvpn servers running instead of selling / throw the router draytek away i would like to use it is a Ipsec site to site router with the draytek dialing out to my pfsense box... can anybody help me with this? ipsec is new for me Thnx in advance