L2TP/IPSec: How to make split-tunelling work ?
pude last edited by
I've got some issues with my L2TP/IPSec pfsense configuration :
I don't want all my clients (iOS/Android) traffic to go through the VPN but I can't seem to find how to make that work.
When "Send all traffic" is enable in iphone VPN's settings, everything is functionnal : LAN adresses + internet (but I access it through the VPN).
When I disable the "Send all traffic" in iphone's VPN settings, I can connect to the VPN, but can't access LAN or internet anymore.
My version of pfsense is the nanoBSD one, running inside a google cloud instance.
I followed this tutorial to configure the VPN : https://doc.pfsense.org/index.php/L2TP/IPsec minus some firewalling change to only allow access to a specific subnet.
I can provide more details on configuration, I'm just not sure of which are relevant. Disclaimer : My network skills are not great ;)
It's up to the client to decide what to send. There is no mechanism in that protocol to inform the clients what subnets are available. The client has to define that itself.