

Windows and macOS computers both have an option to route all traffic over the VPN (default gateway). This is the default on Windows computers, but it has to be manually enabled on macOS computers using the Send all traffic through the VPN connection option in the System Preferences > Network > VPN L2TP > Advanced section.

If you intend to use a 'split tunneling' setup and disable the gateway option on your clients, then you will need to manually add the necessary routes to the routing tables on the clients. The L2TP VPN is unable to push any routes to the client devices.

A workaround when using 'split tunneling' (default gateway is not set) is the single classful route that the client generates and installs in its routing table automatically. This route depends on the Gateway IP / Subnet that you specify for the L2TP VPN in the UniFi Network application settings. The following classful routes will be added based on the subnet used for the L2TP VPN:

.0/24 L2TP VPN subnet is configured with a .x address, for example 192.168.2.1/24.

You can use this functionality to your advantage. For example, you are using the 10.0.10.0/24 IP address range for your LAN and want remote L2TP VPN clients to be able to connect to your LAN, but not route all traffic over the VPN (split tunneling). If you configure the Gateway IP / Subnet in the 10.x.x.x range, for example 10.255.20.1/24, the VPN clients will install a 10.0.0.0/8 route in their routing tables and can communicate with the 10.0.10.0/24 network over the VPN.

Below is an example of a Windows computer that is connected to an L2TP server that uses 10.255.20.1/24 as the Gateway IP / Subnet.
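The classful route behaviour described here, as an added Python sketch that is not part of the original article and is not the Windows output the article refers to. It derives the route a split-tunnel client would install from the Gateway IP / Subnet and reports which LANs still need a manual route; the function names, the plan layout and the 172.16.5.1/24 and client-local sample values are constructed for illustration.

```python
import ipaddress

def classful_route(gateway_cidr):
    """Classful network a split-tunnel client derives from the L2TP gateway address."""
    addr = ipaddress.IPv4Interface(gateway_cidr).ip
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8        # class A, e.g. 10.x.x.x
    elif first_octet < 192:
        prefix = 16       # class B, e.g. 172.16.x.x
    elif first_octet < 224:
        prefix = 24       # class C, e.g. 192.168.2.x
    else:
        raise ValueError(f"{addr} is not a class A/B/C unicast address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def plan_split_tunnel(gateway_cidr, lan_cidrs, client_local_cidr=None):
    """Sort target LANs into those covered by the automatic classful route
    and those that need a route added by hand on the client."""
    route = classful_route(gateway_cidr)
    plan = {"classful_route": str(route), "reachable": [],
            "manual_route_needed": [], "conflicts": []}
    local = ipaddress.ip_network(client_local_cidr) if client_local_cidr else None
    for lan in map(ipaddress.ip_network, lan_cidrs):
        bucket = "reachable" if lan.subnet_of(route) else "manual_route_needed"
        plan[bucket].append(str(lan))
        # Overlapping address space is ambiguous on the client: its own
        # on-link route can take precedence over the route via the VPN.
        if local is not None and lan.overlaps(local):
            plan["conflicts"].append(str(lan))
    return plan

if __name__ == "__main__":
    # Constructed inputs: the article's 10.0.10.0/24 LAN with two gateway choices.
    for gw in ("10.255.20.1/24", "192.168.2.1/24"):
        print(gw, plan_split_tunnel(gw, ["10.0.10.0/24"], "192.168.1.0/24"))
```

A wide classful route such as 10.0.0.0/8 also sends traffic for every other 10.x.x.x destination without a more specific route into the tunnel, so check the result against the networks the client is actually meant to reach.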
