L2TP Split Tunneling

Hello,

We have L2TP VPN with IPSec enabled but split tunneling seems to be going on. I read where Full tunnel is default but that does not seem to be the case with us.

Any idea on what I am missing here? We want to route all traffic from the remote customer through our firebox and back to the internet.

Thanks

Comments

  • How are you identifying that there is split tunneling happening?

    From the docs:

    Split tunnel

    The Firebox supports connections from Mobile VPN with L2TP clients configured for split tunneling. However, you must manually configure L2TP clients for split tunneling. For example, you must manually add routes on the client computer for each remote network that you require access to.

    We do not provide customer support for split tunnel configurations on L2TP clients. See the documentation provided by your VPN client vendor.

    Internet Access Through a Mobile VPN with L2TP Tunnel
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/l2tp/l2tp_internet_access_c.html

  • Yes thats what I read.

    I have a client who is connected to the VPN and he states:

    Message: I've setup the VPN and I can connect but I don't see any difference in traceroute before and after. I also go to https://whatismyipaddress.com/ and the internet sees me as the same IP before and after connecting. I assuemd this is a typical VPN that would re-direct my internet connection to the TM server.

    Thanks for looking at this. I know a bit about this and I would suspect split tunneling is turned on in the VPN config on your side or something like that causing my traffic to still go out my normal path instead of forcing everything over the VPN.

  • You can log what is coming from this user and see it in Traffic Monitor or your log server.
    Add an Any packet filter From: that user ID To: Any or Any-external.
    Make sure that this policy is above the Allow L2TP-Users policy.

    Almost seems as if the user is not really connected???

  • Yes its strange.

    I've added a NAT for the selected ip range on the L2TP VPN. The traffic seems to be higher now through the firebox. I am going to work with my partner to go through it again and make sure we are not missing anything.

  • Logging may help

Sign In to comment.