When a Windows client connects through an L2TP tunnel, all internet traffic goes through that tunnel by default. To save bandwidth by keeping internet traffic out of the L2TP tunnel, follow the guide below.
On Windows PCs, we need to uncheck "Use default gateway on remote network" and add routing on the command line. The steps below implement this split tunnel configuration.
Table of Contents
1a) L2TP - For Windows
1b) L2TP - For MacOS
2) SecuExtender
1a) L2TP - For Windows
- Right-click your network connection icon in the taskbar and click "Open Network & Internet settings":
- In the next window, click on "Change adapter options":
- Right-click the VPN connection adapter and click "Properties"
- Switch to the "Networking" tab, select "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties"
- In "Internet Protocol Version 4 (TCP/IPv4) Properties", click "Advanced"
- In "Advanced TCP/IP Settings", on the "IP Settings" tab, uncheck "Use default gateway on remote network".
- Create route(s) based on your needs for your VPN connection in PowerShell.
Example with 192.168.1.0/24 as remote subnet and "Zyxel VPN" as VPN connection name:
Add-VpnConnectionRoute -ConnectionName "Zyxel VPN" -DestinationPrefix "192.168.1.0/24" -PassThru
You have now successfully activated split tunnelling on the VPN connection and added an additional route through the VPN.
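The same configuration can be applied and checked from PowerShell. The script below is an added example, not part of the original guide; it reuses the connection name and subnet from the example above and assumes the VPN connection was created for the current user (for an all-user connection, add -AllUserConnection to the VpnConnection cmdlets).

```powershell
# Added example. Values are taken from the article's example; adjust them to your setup.
$ConnectionName = 'Zyxel VPN'          # VPN connection name
$RemotePrefixes = @('192.168.1.0/24')  # remote subnet(s) that should use the tunnel

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Same setting as unchecking "Use default gateway on remote network".
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Add only the routes that are missing, so the script can be re-run safely.
$existing = @($vpn.Routes | Where-Object { $_ } | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $RemotePrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix -PassThru
    }
}

# Report the stored configuration: split tunnelling flag and the routes tied to the connection.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling, ConnectionStatus,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }

# While the tunnel is connected, compare the live routing table with what is intended.
if ((Get-VpnConnection -Name $ConnectionName).ConnectionStatus -eq 'Connected') {
    # With split tunnelling active, no default route should be bound to the VPN interface.
    $default = Get-NetRoute -InterfaceAlias $ConnectionName -DestinationPrefix '0.0.0.0/0' `
        -ErrorAction SilentlyContinue
    if ($default) { Write-Warning "Default route still points into '$ConnectionName'." }

    # Every remote prefix should be present on the VPN interface.
    foreach ($prefix in $RemotePrefixes) {
        $route = Get-NetRoute -InterfaceAlias $ConnectionName -DestinationPrefix $prefix `
            -ErrorAction SilentlyContinue
        if (-not $route) { Write-Warning "No route for $prefix on '$ConnectionName'." }
    }
}
```

Keeping $RemotePrefixes limited to the subnets the client actually needs means everything else stays on the local internet connection and is not inspected by the firewall at the far end of the tunnel.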
1b) L2TP - For MacOS
Create an L2TP tunnel using this article. Click the Advanced button and be sure to uncheck the box "Send all traffic over VPN connection".
By default, this option is disabled.
Then click the OK button and then click the Apply button again.
2) SecuExtender
First, define the remote LAN address, which is the LAN subnet of the firewall you want your client to reach.
For IKEv2 you can also make sure that you untick the "Disable Split Tunneling" box: