Netgate Discussion Forum

    IPSEC configure for no split tunnel?

    2.1 Snapshot Feedback and Problems - RETIRED
      daplumber

      So I followed the instructions and I have a working mobile IPSEC (Cisco type) server on my 2.1 box that I can log in two users for an iPhone and MacBook (native support) tested so far.

      What I can't seem to do is remove split tunneling and force all client traffic over the VPN. The "native" default route still remains and takes preference over the IPSEC default route. I've followed various suggestions on the boards here and tried a few things myself, but to no avail. I'm sure it's something simple; what is it?

      (This is a personal use home system, I like having a VPN back to bypass any restrictions and snooping from wherever I happen to be on the road, not to mention access to file and printer sharing. I've used OpenVPN successfully before, but using OS-native IPSEC clients appeals to me.)

      ---------
      This user has been carbon dated to the 8-bit era...

        jimp (Rebel Alliance Developer, Netgate)

        With mobile, that is all up to the client side. The client ultimately decides which networks it will send across a tunnel.

        You might try toggling the "provide a list of networks" option but that doesn't seem to have any effect for me.

        My only iOS device, an iPod Touch, does try to tunnel all of its traffic, Internet included, without any intervention from me.

          daplumber

          You're correct about the client control, which is Cisco's pitch for their "enhanced" client software. However it's all about the order of "default" in the routing table. You're also correct that the "provide a list of Networks" checkbox was responsible for the "split_network includes" in the generated racoon.conf.

          Thanks for the reply, jimp! It would have saved me some time…  :P  ::)  ;D I did finally solve my own problem before I read the reply here, so herewith the snaps of the settings I used. These work for non-split tunneling in iOS and OS X native clients. (Although both can be monkeyed with from the client end.)

          [Attached screenshots: "Screen Shot 2012-05-30 at May 30 12.17.19" and "Screen Shot 2012-05-30 at May 30 12.17.39" (mobile IPsec settings); images not reproduced here]

          ---------
          This user has been carbon dated to the 8-bit era...

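As an added illustration (not from the thread and not pfSense's actual generated output), here is the shape of the racoon.conf mode_cfg block that the "Provide a list of accessible networks" checkbox controls, assuming racoon's mode_cfg syntax and using constructed placeholder addresses. The two blocks are alternative renderings for comparison, not meant to appear together in one file.

```conf
# Constructed example of the mode_cfg section of a pfSense-generated racoon.conf.
# Addresses and domain are placeholders, not values from the thread.

# A) Checkbox checked: racoon pushes a split list, so a native iOS/OS X client
#    installs routes for the listed prefixes only (split tunnel). Everything
#    else keeps using the client's own default route.
mode_cfg {
    auth_source system;
    group_source system;
    conf_source local;
    pool_size 253;
    network4 10.255.0.1;               # virtual address pool handed to clients
    netmask4 255.255.255.0;
    dns4 192.0.2.1;                    # assumed LAN DNS server
    default_domain "home.example";
    split_network include 192.0.2.0/24;   # only this prefix goes over the VPN
    save_passwd on;
}

# B) Checkbox cleared: no split_network line is emitted. With no split list the
#    native iOS/OS X client sends all traffic, Internet included, through the
#    tunnel, which is the "no split tunnel" behaviour asked for in the thread.
mode_cfg {
    auth_source system;
    group_source system;
    conf_source local;
    pool_size 253;
    network4 10.255.0.1;
    netmask4 255.255.255.0;
    dns4 192.0.2.1;
    default_domain "home.example";
    save_passwd on;
}
```

As the thread notes, this only sets what the server offers; the client side can still override which networks it routes through the tunnel, so verify the resulting routing table on the device rather than trusting the server configuration alone.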
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.