Page 1 of 1

Split Tunneling

Posted: Sun Jan 26, 2014 1:57 am
by Kez
Hi,

I am running SoftEther client on my Windows 8 machine, the VPN connects great but it routes all my internet traffic through the VPN. Is there any way to enable split tunnelling? I can't find the option in the network settings as Windows treats it as a real network adapter instead of a virtual one. I have done a bit of reading trying to find a solution to this but I am not having much luck. I have also tried connecting using the default Windows VPN, but I am getting "Error 789".

Thanks in advance!

Kez

Re: Split Tunneling

Posted: Sun Jan 26, 2014 8:47 am
by UkrZilla
Ho Kez,

You have to change metric on your VPN Client net card.
Change from Automatic to 100.

Re: Split Tunneling

Posted: Sun Jan 26, 2014 1:41 pm
by Kez
Hey, just tried that and it worked perfectly. Thanks for your help!

Re: Split Tunneling

Posted: Tue Jan 28, 2014 1:20 am
by terryfied
UkrZilla wrote:
Ho Kez, You have to change metric on your VPN Client net card. Change from Automatic to 100.

How do I do this?
Do I make this change to the actual physical network adapter on the machine or am I making this change to the SoftEther virtual network adapter?
If I'm making the change on the actual physical network adapter on a machine that has both wired and wireless physical adapters (like a laptop), do I need to make this change on both physical adapters? And if so, are both values 100 or do they need to be different?
Thanks in advance.

Re: Split Tunneling

Posted: Tue Jan 28, 2014 3:26 am
by terryfied
Figured it all out. Yay Google. Everything is working great now, although I still can't RDP into remote VPN LAN machines by hostname; I have to use the actual IP. No problem though, I'll just assign static IPs in DHCP in Active Directory. Thanks again.

For others, here's what I did:
http://www.howtogeek.com/howto/27994/ho ... n-windows/

FYI, I did change the metric on all adapters (except built-in MS adapters) to ensure I was in complete control of what traffic was routed and where it was routed to, and to avoid any possible conflicts.

Re: Split Tunneling

Posted: Fri Jun 27, 2014 2:47 am
by cedar
There is Split-Tunneling function is implemented in Build 9430.
http://www.softether.org/5-download/history

>> You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.

Re: Split Tunneling

Posted: Fri Jul 18, 2014 3:23 pm
by dav
cedar wrote:
> There is Split-Tunneling function is implemented in Build 9430.
> http://www.softether.org/5-download/history
>
> >> You can set up either SecureNAT Virtual DHCP Server or any external DHCP
> server to push static routing tables to all VPN clients.


Thanks! I did it but now the vpn clients doesn't have local network connection (to the company network). What did I do wrong/ What am I missing?

This is my SecureNAT configuration: http://i.imgur.com/hbZvcOU.jpg

To know: The core router in the company has the 192.168.30.1/24 IP, the VPN Server is running on 192.168.30.29/24 machine.
So what I did was change the IP of the Virtual Interface to 31.1/24 and create a scope for the Virtual DHCP Server from 31.10 to 31.200, without the default gateway information (because that's what the soft recommends inside the 'Edit the static routing table to push' option, http://i.imgur.com/cM8DR8K.jpg).
I also try to add a route inside this last mentioned option, something like 192.168.31.0/255.255.255.0/192.168.30.1 but I'm not sure if it has any sense.

Re: Split Tunneling

Posted: Fri Jul 25, 2014 1:55 pm
by dav
Anyone? I need to enable split-tunneling somehow!!

Thx.

Re: Split Tunneling

Posted: Wed Aug 06, 2014 7:33 pm
by dav
Someone?

Re: Split Tunneling

Posted: Wed Aug 20, 2014 8:29 am
by thisjun
Configuration of static routing is wrong.
You should set as following.
192.168.30.0/255.255.255.0/192.168.31.1

Re: Split Tunneling

Posted: Mon Oct 20, 2014 7:28 pm
by jeremyhahn
I'm looking to push a route to a L2TP client using SecureNAT DHCP / split-tunneling on a Linux server running SoftEther version 4.10 build 9505 (English).

When I run the DhcpGet command, I get the following:

VPN Server/vpn>DhcpGet
DhcpGet command - Get Virtual DHCP Server Function Setting of SecureNAT Function
Item |Value
-------------------------------+-----------------
Use Virtual DHCP Function |Yes
Start Distribution Address Band|192.168.1.10
End Distribution Address Band |192.168.1.200
Subnet Mask |255.255.255.0
Lease Limit (Seconds) |7200
Default Gateway Address |192.168.1.1
DNS Server Address 1 |192.168.1.1
DNS Server Address 2 |None
Domain Name |my.domain
Save NAT and DHCP Operation Log|Yes
Static Routing Table to Push |
The command completed successfully.

However, when I run DhcpSet, I never get prompted to set the static routing table to push. Is this supported on Linux or only Windows? If the latter, will you please point me in the right direction to contribute a patch to enable this on Linux?

Thanks

Re: Split Tunneling

Posted: Tue Oct 21, 2014 5:14 pm
by jeremyhahn
I was able to work around the issue by editing the config file directly. Thanks

Re: Split Tunneling

Posted: Fri Oct 31, 2014 6:56 am
by thisjun
You can configure by DhcpSet.
Please refer "DhcpSet /?".

Re: Split Tunneling

Posted: Thu Dec 04, 2014 2:35 pm
by ivica.glavocic
How can split tunnel be implemented on bridged server?

Re: Split Tunneling

Posted: Tue Dec 16, 2014 7:38 am
by thisjun
Configure pushing static route on your bridged DHCP server.

Re: Split Tunneling

Posted: Wed Mar 04, 2015 7:31 am
by thisjun
Please tell me your network configuration.

Re: Split Tunneling

Posted: Thu Mar 26, 2015 6:53 am
by ktlee
anyone can help to provide the detail configuration for Split Tunneling?
i am facing issue that user complaint why the internet connection is also going through VPN only can go out.

Re: Split Tunneling

Posted: Wed Apr 01, 2015 6:08 am
by thisjun
Don't you configure a default-gateway?
If so, try to delete the default-gateway.

Re: Split Tunneling

Posted: Wed Apr 01, 2015 6:27 am
by ktlee
yes, default gateway removed.
settled. static route added solved the problem.

Re: Split Tunneling

Posted: Thu Mar 23, 2017 7:38 am
by thisjun
Are the VPN server version and VPN server manager version same?

Re: Split Tunneling

Posted: Sat Jul 01, 2017 12:15 pm
by chaoscreater
UkrZilla wrote:
> Ho Kez,
>
> You have to change metric on your VPN Client net card.
> Change from Automatic to 100.

It works, but it also broke the VPN for me. I can't ping any work VM by IP or hostname, can't RDP either. If I set the metric of the SoftEther VPN virtual NIC back to 1, it works again (but traffic is routed through work VPN).

I think the correct setting is to tick the "No adjustment of routing table" option under Advanced Settings of your connection on the VPN client. I've done several speedtests and I'm getting the correct result and I can still access work resources (ping, RDP etc) ok. However, I've read in another topic that this is unstable and some traffic may still be routed over the VPN. If I look at whatsmyip.com, I can see my home IP address so that's good. If I go to speedtest.net and do a test, the speed matches my home fiber connection, BUT it shows my ISP as my work connection and the IP also as my work public IP.....so it's a bit weird how split tunneling is implemented here.

The other suggestions were to adjust the routing table on the SoftEther VPN server (assuming you're using SecureNAT), and assuming if you're using the virtual DHCP server (within SecureNAT) then you could just not configure the default gateway.



UPDATE:
I take that back. The client side option "No adjustment of routing table" doesn't work. I'm not sure what it does, but it doesn't prevent internet traffic from routing through the VPN. My home router has a built-in Web History monitor and I can see internet traffic from the client side (work PC) being routed to my VPN server at home.

I think the best approach here is to configure the virtual DHCP setting without a default gateway, then "Edit the static routing table to push" with the following entry. Assuming you use the default SecureNAT settings, then edit the static routing table to the following:

192.168.1.0/255.255.255.0/192.168.30.1

In this example, 192.168.1.0 is my home network, and 192.168.30.1 is the SecureNAT default gateway. This basically says, any traffic for the 192.168.1.0 network will be routed via the SecureNAT default gateway.

I've done a few tests and can see that web traffic will still be routed through my work internet, whatsmyip also recognizes the public IP of my work internet. But any traffic for the 192.168.1.0 network will be routed over the VPN.

Re: Split Tunneling

Posted: Wed Jul 12, 2017 6:55 am
by thisjun
"No adjustment of routing table" is that maintaining route to VPN server when the client connect to the VPN server.