VPN IPSec Site2Site without split tunnel

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2023-03-08 21:19:11
Tags: #VPN #Split Tunnel
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

Hello,

 

I just got my new ER605 connected through IPsec to another VPN site. Everything works great except I can't figure out how to route ALL traffic through the VPN tunnel.

My wish is: destination 0.0.0.0/0 uses VPN Tunnel

 

So I want to disable the split tunneling. How can I achieve that?

 

TIA

#1
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 02:02:15

  @th1950 

 

Hi. You should be able to accomplish this using a Policy Route. If the tunnel is up, it should appear as a WAN option when you create the rule for your device or subnet(s).

 

 

<< Paying it forward, one juicy problem at a time... >>
#2
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 06:16:39
Hi d0ugmac1, thanks for your answer. I tried it but failed. I set up a policy route but it still routes the packets destined for the Internet through the WAN interface. There should be an option for 0.0.0.0 to go out to the VPN interface, but sadly there's no option for it. It must be possible, every other vendor can do that too. We need this option so badly. Thank you for your answer.
#3
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 06:22:58

  @th1950 

I don't think it is possible to route all traffic in an IPsec site-to-site VPN; it will only work if you use L2TP or PPTP and a policy route.

It is not possible to create a policy route through an IPsec site-to-site VPN.

 

 

 

#4
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 06:27:52 - last edited 2023-03-09 06:44:55

Thank you, shberge. It MUST be possible. I work with lots of other brands and vendors and there you can do it too. If it's not possible, TP-Link has to fix this behavior. A lot of business customers need that feature. It's not a fancy or exotic feature. But thank you!

#5
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 07:34:19

Hi @th1950 

 

TP-Link router can do that in Controller mode. See this screenshot:

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
#6
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 07:56:03

  @Hank21 

 

But this will not route all traffic through the VPN, only traffic to the remote LAN 192.168.10.0/24, not 0.0.0.0/0.

 

#7
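
An added example, not written by any poster in this thread: a simplified Python model of policy-based IPsec selector matching, showing why the remote subnet 192.168.10.0/24 mentioned above leaves Internet-bound traffic on the WAN while a 0.0.0.0/0 remote selector captures it. The local subnet 192.168.0.0/24, the test destinations and the most-specific-match rule are assumptions for illustration, not documented ER605 behaviour.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network
    action: str  # "tunnel" = protect with ESP, "bypass" = leave untouched

def policy(local, remote, action):
    return Policy(ipaddress.ip_network(local), ipaddress.ip_network(remote), action)

def decide(policies, src, dst):
    """Action for one packet: the most specific matching selector wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies if s in p.local and d in p.remote]
    if not hits:
        return "bypass"  # no selector matches: normal routing, i.e. out the WAN
    return max(hits, key=lambda p: (p.remote.prefixlen, p.local.prefixlen)).action

def outside_tunnel(policies, src, destinations):
    """Destinations that would leave without IPsec protection."""
    return [d for d in destinations if decide(policies, src, d) == "bypass"]

LAN = "192.168.0.0/24"  # constructed local subnet (assumption)

# Split tunnel: the remote selector is only the remote LAN named in the thread.
SPLIT = [policy(LAN, "192.168.10.0/24", "tunnel")]

# Full tunnel: remote selector 0.0.0.0/0, plus a bypass so LAN-to-LAN traffic
# (including replies from the router's own LAN address) stays local.
FULL = [
    policy(LAN, "0.0.0.0/0", "tunnel"),
    policy(LAN, LAN, "bypass"),
]

# Constructed destinations: remote LAN host, two Internet hosts, local host.
DESTS = ["192.168.10.20", "198.51.100.7", "1.1.1.1", "192.168.0.50"]

if __name__ == "__main__":
    for name, pol in (("split", SPLIT), ("full", FULL)):
        print(name, "->", outside_tunnel(pol, "192.168.0.10", DESTS))
```
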
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 09:10:47

  @th1950 

What I learned: it is impossible.

Why?

Site-to-site VPN, IPsec site-to-site to be specific, was invented for connection between sites, not routing the traffic as a proxy thing.

I don't understand why you wanna route all traffic. You don't split the tunnel, then how do you get the Internet?

Traffic to another site and that's the end of it? You split because you need access to the resources on the other site.

If you want a full tunnel, use OpenVPN or L2TP. Forget about the proxy on site-to-site.

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
#8
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 09:16:18 - last edited 2023-03-09 09:17:02

Hi @Tedd404, I can tell you: It is not impossible. Like I said, every other business VPN vendor can route traffic destined for 0.0.0.0 through the tunnel. We have a central VPN HQ. There we terminate all our remote branch offices and do traffic analysis, decryption, policies etc. It's a usual setup in bigger business environments. Hope to have clarified your question.

#9
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 13:01:04 - last edited 2023-03-09 13:01:51

@Tedd404 

 

I use a Client-Site L2TP/IPsec tunnel and it works just fine, is that an option for you? Shouldn't be much different than what you have, except only 1 side needs a static IP or DDNS.

<< Paying it forward, one juicy problem at a time... >>
#10
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 13:40:30

  @d0ugmac1 thank you for your reply. L2TP is not an option. TP-Link needs to address this issue. Any client non-corporate traffic from the TP-Link Omada router should be forwarded to the central firewall through the VPN tunnel. The default gateway route should point to the VPN tunnel.

 

Thank you all for your support, but I think at this point a TP-Link engineer should answer why this is not possible and if it's planned to fix this issue. A lot of business customers depend on this feature.

 

Thank you all

#11