Split Tunneling

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Kez
Posts: 2
Joined: Sun Jan 26, 2014 1:53 am

Split Tunneling

Post by Kez » Sun Jan 26, 2014 1:57 am

Hi,

I am running SoftEther client on my Windows 8 machine, the VPN connects great but it routes all my internet traffic through the VPN. Is there any way to enable split tunnelling? I can't find the option in the network settings as Windows treats it as a real network adapter instead of a virtual one. I have done a bit of reading trying to find a solution to this but I am not having much luck. I have also tried connecting using the default Windows VPN, but I am getting "Error 789".

Thanks in advance!

Kez

UkrZilla
Posts: 65
Joined: Sun Dec 15, 2013 8:34 am

Re: Split Tunneling

Post by UkrZilla » Sun Jan 26, 2014 8:47 am

Ho Kez,

You have to change metric on your VPN Client net card.
Change from Automatic to 100.

Kez
Posts: 2
Joined: Sun Jan 26, 2014 1:53 am

Re: Split Tunneling

Post by Kez » Sun Jan 26, 2014 1:41 pm

Hey, just tried that and it worked perfectly. Thanks for your help!

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: Split Tunneling

Post by terryfied » Tue Jan 28, 2014 1:20 am

UkrZilla wrote:
Ho Kez, You have to change metric on your VPN Client net card. Change from Automatic to 100.

How do I do this?
Do I make this change to the actual physical network adapter on the machine or am I making this change to the SoftEther virtual network adapter?
If I'm making the change on the actual physical network adapter on a machine that has both wired and wireless physical adapters (like a laptop), do I need to make this change on both physical adapters? And if so, are both values 100 or do they need to be different?
Thanks in advance.

terryfied
Posts: 17
Joined: Tue Jan 28, 2014 12:49 am

Re: Split Tunneling

Post by terryfied » Tue Jan 28, 2014 3:26 am

Figured it all out. Yay Google. Everything is working great now, although I still can't RDP into remote VPN LAN machines by hostname; I have to use the actual IP. No problem though, I'll just assign static IPs in DHCP in Active Directory. Thanks again.

For others, here's what I did:
http://www.howtogeek.com/howto/27994/ho ... n-windows/

FYI, I did change the metric on all adapters (except built-in MS adapters) to ensure I was in complete control of what traffic was routed and where it was routed to, and to avoid any possible conflicts.

cedar
Site Admin
Posts: 930
Joined: Sat Mar 09, 2013 5:37 am

Re: Split Tunneling

Post by cedar » Fri Jun 27, 2014 2:47 am

There is Split-Tunneling function is implemented in Build 9430.
http://www.softether.org/5-download/history

>> You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.

dav
Posts: 5
Joined: Fri Jul 18, 2014 3:15 pm

Re: Split Tunneling

Post by dav » Fri Jul 18, 2014 3:23 pm

cedar wrote:
> There is Split-Tunneling function is implemented in Build 9430.
> http://www.softether.org/5-download/history
>
> >> You can set up either SecureNAT Virtual DHCP Server or any external DHCP
> server to push static routing tables to all VPN clients.


Thanks! I did it but now the vpn clients doesn't have local network connection (to the company network). What did I do wrong/ What am I missing?

This is my SecureNAT configuration: http://i.imgur.com/hbZvcOU.jpg

To know: The core router in the company has the 192.168.30.1/24 IP, the VPN Server is running on 192.168.30.29/24 machine.
So what I did was change the IP of the Virtual Interface to 31.1/24 and create a scope for the Virtual DHCP Server from 31.10 to 31.200, without the default gateway information (because that's what the soft recommends inside the 'Edit the static routing table to push' option, http://i.imgur.com/cM8DR8K.jpg).
I also try to add a route inside this last mentioned option, something like 192.168.31.0/255.255.255.0/192.168.30.1 but I'm not sure if it has any sense.

dav
Posts: 5
Joined: Fri Jul 18, 2014 3:15 pm

Re: Split Tunneling

Post by dav » Fri Jul 25, 2014 1:55 pm

Anyone? I need to enable split-tunneling somehow!!

Thx.

dav
Posts: 5
Joined: Fri Jul 18, 2014 3:15 pm

Re: Split Tunneling

Post by dav » Wed Aug 06, 2014 7:33 pm

Someone?

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Wed Aug 20, 2014 8:29 am

Configuration of static routing is wrong.
You should set as following.
192.168.30.0/255.255.255.0/192.168.31.1

jeremyhahn
Posts: 3
Joined: Mon Oct 20, 2014 7:19 pm

Re: Split Tunneling

Post by jeremyhahn » Mon Oct 20, 2014 7:28 pm

I'm looking to push a route to a L2TP client using SecureNAT DHCP / split-tunneling on a Linux server running SoftEther version 4.10 build 9505 (English).

When I run the DhcpGet command, I get the following:

VPN Server/vpn>DhcpGet
DhcpGet command - Get Virtual DHCP Server Function Setting of SecureNAT Function
Item |Value
-------------------------------+-----------------
Use Virtual DHCP Function |Yes
Start Distribution Address Band|192.168.1.10
End Distribution Address Band |192.168.1.200
Subnet Mask |255.255.255.0
Lease Limit (Seconds) |7200
Default Gateway Address |192.168.1.1
DNS Server Address 1 |192.168.1.1
DNS Server Address 2 |None
Domain Name |my.domain
Save NAT and DHCP Operation Log|Yes
Static Routing Table to Push |
The command completed successfully.

However, when I run DhcpSet, I never get prompted to set the static routing table to push. Is this supported on Linux or only Windows? If the latter, will you please point me in the right direction to contribute a patch to enable this on Linux?

Thanks

jeremyhahn
Posts: 3
Joined: Mon Oct 20, 2014 7:19 pm

Re: Split Tunneling

Post by jeremyhahn » Tue Oct 21, 2014 5:14 pm

I was able to work around the issue by editing the config file directly. Thanks

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Fri Oct 31, 2014 6:56 am

You can configure by DhcpSet.
Please refer "DhcpSet /?".

ivica.glavocic
Posts: 5
Joined: Thu Dec 04, 2014 7:08 am

Re: Split Tunneling

Post by ivica.glavocic » Thu Dec 04, 2014 2:35 pm

How can split tunnel be implemented on bridged server?

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Tue Dec 16, 2014 7:38 am

Configure pushing static route on your bridged DHCP server.

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Wed Mar 04, 2015 7:31 am

Please tell me your network configuration.

ktlee
Posts: 2
Joined: Thu Mar 26, 2015 6:49 am

Re: Split Tunneling

Post by ktlee » Thu Mar 26, 2015 6:53 am

anyone can help to provide the detail configuration for Split Tunneling?
i am facing issue that user complaint why the internet connection is also going through VPN only can go out.

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Wed Apr 01, 2015 6:08 am

Don't you configure a default-gateway?
If so, try to delete the default-gateway.

ktlee
Posts: 2
Joined: Thu Mar 26, 2015 6:49 am

Re: Split Tunneling

Post by ktlee » Wed Apr 01, 2015 6:27 am

yes, default gateway removed.
settled. static route added solved the problem.

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Thu Mar 23, 2017 7:38 am

Are the VPN server version and VPN server manager version same?

chaoscreater
Posts: 12
Joined: Fri Jun 30, 2017 12:32 am

Re: Split Tunneling

Post by chaoscreater » Sat Jul 01, 2017 12:15 pm

UkrZilla wrote:
> Ho Kez,
>
> You have to change metric on your VPN Client net card.
> Change from Automatic to 100.

It works, but it also broke the VPN for me. I can't ping any work VM by IP or hostname, can't RDP either. If I set the metric of the SoftEther VPN virtual NIC back to 1, it works again (but traffic is routed through work VPN).

I think the correct setting is to tick the "No adjustment of routing table" option under Advanced Settings of your connection on the VPN client. I've done several speedtests and I'm getting the correct result and I can still access work resources (ping, RDP etc) ok. However, I've read in another topic that this is unstable and some traffic may still be routed over the VPN. If I look at whatsmyip.com, I can see my home IP address so that's good. If I go to speedtest.net and do a test, the speed matches my home fiber connection, BUT it shows my ISP as my work connection and the IP also as my work public IP.....so it's a bit weird how split tunneling is implemented here.

The other suggestions were to adjust the routing table on the SoftEther VPN server (assuming you're using SecureNAT), and assuming if you're using the virtual DHCP server (within SecureNAT) then you could just not configure the default gateway.



UPDATE:
I take that back. The client side option "No adjustment of routing table" doesn't work. I'm not sure what it does, but it doesn't prevent internet traffic from routing through the VPN. My home router has a built-in Web History monitor and I can see internet traffic from the client side (work PC) being routed to my VPN server at home.

I think the best approach here is to configure the virtual DHCP setting without a default gateway, then "Edit the static routing table to push" with the following entry. Assuming you use the default SecureNAT settings, then edit the static routing table to the following:

192.168.1.0/255.255.255.0/192.168.30.1

In this example, 192.168.1.0 is my home network, and 192.168.30.1 is the SecureNAT default gateway. This basically says, any traffic for the 192.168.1.0 network will be routed via the SecureNAT default gateway.

I've done a few tests and can see that web traffic will still be routed through my work internet, whatsmyip also recognizes the public IP of my work internet. But any traffic for the 192.168.1.0 network will be routed over the VPN.

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Split Tunneling

Post by thisjun » Wed Jul 12, 2017 6:55 am

"No adjustment of routing table" is that maintaining route to VPN server when the client connect to the VPN server.

Post Reply