Split Tunneling
-
- Posts: 2
- Joined: Sun Jan 26, 2014 1:53 am
Split Tunneling
Hi,
I am running SoftEther client on my Windows 8 machine, the VPN connects great but it routes all my internet traffic through the VPN. Is there any way to enable split tunnelling? I can't find the option in the network settings as Windows treats it as a real network adapter instead of a virtual one. I have done a bit of reading trying to find a solution to this but I am not having much luck. I have also tried connecting using the default Windows VPN, but I am getting "Error 789".
Thanks in advance!
Kez
I am running SoftEther client on my Windows 8 machine, the VPN connects great but it routes all my internet traffic through the VPN. Is there any way to enable split tunnelling? I can't find the option in the network settings as Windows treats it as a real network adapter instead of a virtual one. I have done a bit of reading trying to find a solution to this but I am not having much luck. I have also tried connecting using the default Windows VPN, but I am getting "Error 789".
Thanks in advance!
Kez
-
- Posts: 65
- Joined: Sun Dec 15, 2013 8:34 am
Re: Split Tunneling
Ho Kez,
You have to change metric on your VPN Client net card.
Change from Automatic to 100.
You have to change metric on your VPN Client net card.
Change from Automatic to 100.
-
- Posts: 2
- Joined: Sun Jan 26, 2014 1:53 am
Re: Split Tunneling
Hey, just tried that and it worked perfectly. Thanks for your help!
-
- Posts: 17
- Joined: Tue Jan 28, 2014 12:49 am
Re: Split Tunneling
UkrZilla wrote:
Ho Kez, You have to change metric on your VPN Client net card. Change from Automatic to 100.
How do I do this?
Do I make this change to the actual physical network adapter on the machine or am I making this change to the SoftEther virtual network adapter?
If I'm making the change on the actual physical network adapter on a machine that has both wired and wireless physical adapters (like a laptop), do I need to make this change on both physical adapters? And if so, are both values 100 or do they need to be different?
Thanks in advance.
Ho Kez, You have to change metric on your VPN Client net card. Change from Automatic to 100.
How do I do this?
Do I make this change to the actual physical network adapter on the machine or am I making this change to the SoftEther virtual network adapter?
If I'm making the change on the actual physical network adapter on a machine that has both wired and wireless physical adapters (like a laptop), do I need to make this change on both physical adapters? And if so, are both values 100 or do they need to be different?
Thanks in advance.
-
- Posts: 17
- Joined: Tue Jan 28, 2014 12:49 am
Re: Split Tunneling
Figured it all out. Yay Google. Everything is working great now, although I still can't RDP into remote VPN LAN machines by hostname; I have to use the actual IP. No problem though, I'll just assign static IPs in DHCP in Active Directory. Thanks again.
For others, here's what I did:
http://www.howtogeek.com/howto/27994/ho ... n-windows/
FYI, I did change the metric on all adapters (except built-in MS adapters) to ensure I was in complete control of what traffic was routed and where it was routed to, and to avoid any possible conflicts.
For others, here's what I did:
http://www.howtogeek.com/howto/27994/ho ... n-windows/
FYI, I did change the metric on all adapters (except built-in MS adapters) to ensure I was in complete control of what traffic was routed and where it was routed to, and to avoid any possible conflicts.
-
- Site Admin
- Posts: 2197
- Joined: Sat Mar 09, 2013 5:37 am
Re: Split Tunneling
There is Split-Tunneling function is implemented in Build 9430.
http://www.softether.org/5-download/history
>> You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.
http://www.softether.org/5-download/history
>> You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.
-
- Posts: 5
- Joined: Fri Jul 18, 2014 3:15 pm
Re: Split Tunneling
cedar wrote:
> There is Split-Tunneling function is implemented in Build 9430.
> http://www.softether.org/5-download/history
>
> >> You can set up either SecureNAT Virtual DHCP Server or any external DHCP
> server to push static routing tables to all VPN clients.
Thanks! I did it but now the vpn clients doesn't have local network connection (to the company network). What did I do wrong/ What am I missing?
This is my SecureNAT configuration: http://i.imgur.com/hbZvcOU.jpg
To know: The core router in the company has the 192.168.30.1/24 IP, the VPN Server is running on 192.168.30.29/24 machine.
So what I did was change the IP of the Virtual Interface to 31.1/24 and create a scope for the Virtual DHCP Server from 31.10 to 31.200, without the default gateway information (because that's what the soft recommends inside the 'Edit the static routing table to push' option, http://i.imgur.com/cM8DR8K.jpg).
I also try to add a route inside this last mentioned option, something like 192.168.31.0/255.255.255.0/192.168.30.1 but I'm not sure if it has any sense.
> There is Split-Tunneling function is implemented in Build 9430.
> http://www.softether.org/5-download/history
>
> >> You can set up either SecureNAT Virtual DHCP Server or any external DHCP
> server to push static routing tables to all VPN clients.
Thanks! I did it but now the vpn clients doesn't have local network connection (to the company network). What did I do wrong/ What am I missing?
This is my SecureNAT configuration: http://i.imgur.com/hbZvcOU.jpg
To know: The core router in the company has the 192.168.30.1/24 IP, the VPN Server is running on 192.168.30.29/24 machine.
So what I did was change the IP of the Virtual Interface to 31.1/24 and create a scope for the Virtual DHCP Server from 31.10 to 31.200, without the default gateway information (because that's what the soft recommends inside the 'Edit the static routing table to push' option, http://i.imgur.com/cM8DR8K.jpg).
I also try to add a route inside this last mentioned option, something like 192.168.31.0/255.255.255.0/192.168.30.1 but I'm not sure if it has any sense.
-
- Posts: 5
- Joined: Fri Jul 18, 2014 3:15 pm
Re: Split Tunneling
Anyone? I need to enable split-tunneling somehow!!
Thx.
Thx.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
Configuration of static routing is wrong.
You should set as following.
192.168.30.0/255.255.255.0/192.168.31.1
You should set as following.
192.168.30.0/255.255.255.0/192.168.31.1
-
- Posts: 3
- Joined: Mon Oct 20, 2014 7:19 pm
Re: Split Tunneling
I'm looking to push a route to a L2TP client using SecureNAT DHCP / split-tunneling on a Linux server running SoftEther version 4.10 build 9505 (English).
When I run the DhcpGet command, I get the following:
VPN Server/vpn>DhcpGet
DhcpGet command - Get Virtual DHCP Server Function Setting of SecureNAT Function
Item |Value
-------------------------------+-----------------
Use Virtual DHCP Function |Yes
Start Distribution Address Band|192.168.1.10
End Distribution Address Band |192.168.1.200
Subnet Mask |255.255.255.0
Lease Limit (Seconds) |7200
Default Gateway Address |192.168.1.1
DNS Server Address 1 |192.168.1.1
DNS Server Address 2 |None
Domain Name |my.domain
Save NAT and DHCP Operation Log|Yes
Static Routing Table to Push |
The command completed successfully.
However, when I run DhcpSet, I never get prompted to set the static routing table to push. Is this supported on Linux or only Windows? If the latter, will you please point me in the right direction to contribute a patch to enable this on Linux?
Thanks
When I run the DhcpGet command, I get the following:
VPN Server/vpn>DhcpGet
DhcpGet command - Get Virtual DHCP Server Function Setting of SecureNAT Function
Item |Value
-------------------------------+-----------------
Use Virtual DHCP Function |Yes
Start Distribution Address Band|192.168.1.10
End Distribution Address Band |192.168.1.200
Subnet Mask |255.255.255.0
Lease Limit (Seconds) |7200
Default Gateway Address |192.168.1.1
DNS Server Address 1 |192.168.1.1
DNS Server Address 2 |None
Domain Name |my.domain
Save NAT and DHCP Operation Log|Yes
Static Routing Table to Push |
The command completed successfully.
However, when I run DhcpSet, I never get prompted to set the static routing table to push. Is this supported on Linux or only Windows? If the latter, will you please point me in the right direction to contribute a patch to enable this on Linux?
Thanks
-
- Posts: 3
- Joined: Mon Oct 20, 2014 7:19 pm
Re: Split Tunneling
I was able to work around the issue by editing the config file directly. Thanks
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
You can configure by DhcpSet.
Please refer "DhcpSet /?".
Please refer "DhcpSet /?".
-
- Posts: 11
- Joined: Thu Dec 04, 2014 7:08 am
Re: Split Tunneling
How can split tunnel be implemented on bridged server?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
Configure pushing static route on your bridged DHCP server.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
Please tell me your network configuration.
-
- Posts: 2
- Joined: Thu Mar 26, 2015 6:49 am
Re: Split Tunneling
anyone can help to provide the detail configuration for Split Tunneling?
i am facing issue that user complaint why the internet connection is also going through VPN only can go out.
i am facing issue that user complaint why the internet connection is also going through VPN only can go out.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
Don't you configure a default-gateway?
If so, try to delete the default-gateway.
If so, try to delete the default-gateway.
-
- Posts: 2
- Joined: Thu Mar 26, 2015 6:49 am
Re: Split Tunneling
yes, default gateway removed.
settled. static route added solved the problem.
settled. static route added solved the problem.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
Are the VPN server version and VPN server manager version same?
-
- Posts: 12
- Joined: Fri Jun 30, 2017 12:32 am
Re: Split Tunneling
UkrZilla wrote:
> Ho Kez,
>
> You have to change metric on your VPN Client net card.
> Change from Automatic to 100.
It works, but it also broke the VPN for me. I can't ping any work VM by IP or hostname, can't RDP either. If I set the metric of the SoftEther VPN virtual NIC back to 1, it works again (but traffic is routed through work VPN).
I think the correct setting is to tick the "No adjustment of routing table" option under Advanced Settings of your connection on the VPN client. I've done several speedtests and I'm getting the correct result and I can still access work resources (ping, RDP etc) ok. However, I've read in another topic that this is unstable and some traffic may still be routed over the VPN. If I look at whatsmyip.com, I can see my home IP address so that's good. If I go to speedtest.net and do a test, the speed matches my home fiber connection, BUT it shows my ISP as my work connection and the IP also as my work public IP.....so it's a bit weird how split tunneling is implemented here.
The other suggestions were to adjust the routing table on the SoftEther VPN server (assuming you're using SecureNAT), and assuming if you're using the virtual DHCP server (within SecureNAT) then you could just not configure the default gateway.
UPDATE:
I take that back. The client side option "No adjustment of routing table" doesn't work. I'm not sure what it does, but it doesn't prevent internet traffic from routing through the VPN. My home router has a built-in Web History monitor and I can see internet traffic from the client side (work PC) being routed to my VPN server at home.
I think the best approach here is to configure the virtual DHCP setting without a default gateway, then "Edit the static routing table to push" with the following entry. Assuming you use the default SecureNAT settings, then edit the static routing table to the following:
192.168.1.0/255.255.255.0/192.168.30.1
In this example, 192.168.1.0 is my home network, and 192.168.30.1 is the SecureNAT default gateway. This basically says, any traffic for the 192.168.1.0 network will be routed via the SecureNAT default gateway.
I've done a few tests and can see that web traffic will still be routed through my work internet, whatsmyip also recognizes the public IP of my work internet. But any traffic for the 192.168.1.0 network will be routed over the VPN.
> Ho Kez,
>
> You have to change metric on your VPN Client net card.
> Change from Automatic to 100.
It works, but it also broke the VPN for me. I can't ping any work VM by IP or hostname, can't RDP either. If I set the metric of the SoftEther VPN virtual NIC back to 1, it works again (but traffic is routed through work VPN).
I think the correct setting is to tick the "No adjustment of routing table" option under Advanced Settings of your connection on the VPN client. I've done several speedtests and I'm getting the correct result and I can still access work resources (ping, RDP etc) ok. However, I've read in another topic that this is unstable and some traffic may still be routed over the VPN. If I look at whatsmyip.com, I can see my home IP address so that's good. If I go to speedtest.net and do a test, the speed matches my home fiber connection, BUT it shows my ISP as my work connection and the IP also as my work public IP.....so it's a bit weird how split tunneling is implemented here.
The other suggestions were to adjust the routing table on the SoftEther VPN server (assuming you're using SecureNAT), and assuming if you're using the virtual DHCP server (within SecureNAT) then you could just not configure the default gateway.
UPDATE:
I take that back. The client side option "No adjustment of routing table" doesn't work. I'm not sure what it does, but it doesn't prevent internet traffic from routing through the VPN. My home router has a built-in Web History monitor and I can see internet traffic from the client side (work PC) being routed to my VPN server at home.
I think the best approach here is to configure the virtual DHCP setting without a default gateway, then "Edit the static routing table to push" with the following entry. Assuming you use the default SecureNAT settings, then edit the static routing table to the following:
192.168.1.0/255.255.255.0/192.168.30.1
In this example, 192.168.1.0 is my home network, and 192.168.30.1 is the SecureNAT default gateway. This basically says, any traffic for the 192.168.1.0 network will be routed via the SecureNAT default gateway.
I've done a few tests and can see that web traffic will still be routed through my work internet, whatsmyip also recognizes the public IP of my work internet. But any traffic for the 192.168.1.0 network will be routed over the VPN.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Split Tunneling
"No adjustment of routing table" is that maintaining route to VPN server when the client connect to the VPN server.