VPN IPSec Site2Site without split tunnel
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.VPN IPSec Site2Site without split tunnel
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello,
I just got my new ER605 connected through ipsec to another vpn site. Everythings works great except I cant figure out how to route ALL traffic throught the vpn tunnel.
My wish is: destination 0.0.0.0/0 uses VPN Tunnel
So i want to disable the split tunneling. How can I achieve that?
TIA
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi. You should be able to accomplish this using a Policy Route. If the tunnel is up, it should appear as a WAN option when you create the rule for your device or subnet(s)
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I don't think it is possible to route all traffic in an IPsec sit to site VPN, it will only work if you use L2TP or PPTP and policy route.
it is not possible to create policy route through IPsec Site ot Site VPN.
- Copy Link
- Report Inappropriate Content
thank you shberge. It MUST be possible. I work with lots of other brands and vendors and there you can do it too. If its not possible TPLINK has to fix this behavior. A lot of business customers need that feature. Its not a fancy or exotic feature. But thank you!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
but this will not route all traffic through the vpn, only traffic to remote lan 192.168.10.0/24 not 0.0.0.0/0
- Copy Link
- Report Inappropriate Content
what i learn, it is impossible.
why?
site to site vpn, ipsec site to site, to be specific, was invented for connection between sites. not routing the traffic as a proxy thing.
i don't understand why you wanna route all traffic. you don't split the tunnel, then how do you get the Internet?
traffic to another site and that's the end of it? you split because you need access to the resources on the other site.
if you want a full tunnel, use OpenVPN or L2TP. forget about the proxy on site to site.
- Copy Link
- Report Inappropriate Content
Hi @Tedd404 I can tell you: It is not impossible. Like I said, every other business vpn vendor can route traffic destined for 0.0.0.0 through the tunnel. We have a central VPN HQ. There we terminate all our remote branch offices and do traffic analysis, decryption, policies etc. Its a usual setup in bigger business enviroments.Hope to have clearified your question.
- Copy Link
- Report Inappropriate Content
I use an Client-Site L2TP/IPsec tunnel and it works just fine, is that an option for you? Shouldn't be much different than what you have, except only 1 side needs a static IP or DDNS.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 thank you for reply. L2TP is not an option. TPLINK needs to address this issue. Any client non-corporate traffic from TPLINK Omada Router should be forwarded to the central firewall through the VPN tunnel. The default gateway route should point to the VPN tunnel.
Thank you all for your support but I think at this point a TPLINK engineer should answer why this is not possible and if its planned to fix this issue. A lot of business customers depend on this feature.
Thank you all
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2533
Replies: 17
Voters 0
No one has voted for it yet.