L2TP/IPSec: How to make split-tunelling work ?

  • Hi guys,

    I've got some issues with my L2TP/IPSec pfsense configuration :

    I don't want all my clients (iOS/Android) traffic to go through the VPN but I can't seem to find how to make that work.

    When "Send all traffic" is enable in iphone VPN's settings, everything is functionnal : LAN adresses + internet (but I access it through the VPN).
    When I disable the "Send all traffic" in iphone's VPN settings, I can connect to the VPN, but can't access LAN or internet anymore.

    2.3.3-RELEASE-p1 (amd64)
    My version of pfsense is the nanoBSD one, running inside a google cloud instance.

    I followed this tutorial to configure the VPN : https://doc.pfsense.org/index.php/L2TP/IPsec minus some firewalling change to only allow access to a specific subnet.
    I can provide more details on configuration, I'm just not sure of which are relevant. Disclaimer : My network skills are not great ;)


  • Rebel Alliance Developer Netgate

    It's up to the client to decide what to send. There is no mechanism in that protocol to inform the clients what subnets are available. The client has to define that itself.