EzNetwork (Member, join:2015-02-22)

USG 100, L2TP and split tunnel

I have set up an L2TP VPN on the USG 100. The problem I have is that I want the VPN client to connect to the local network only to access local resources (local subnet) and use their own internet connection for anything else.

I read and tested the CMAK trick to deploy an L2TP client with routing set up to Windows clients, BUT this requires the connecting user to have administrative privileges on the Windows PC, and in my scenario this is a no go.

I read that using some old firmware versions the L2TP IP pool was configured using part of the lan1 subnet. Is this still possible? I tried but it didn't work, but maybe I did it wrong.
This way I won't need to set up a route on the client PC connecting to the USG.

Thank you in advance for any advice.
gb5102 (Member, join:2003-10-07, Saint Paul, MN)

You are correct that admin privs are req'd for updating the routing tables when using L2TP with the CMAK 'trick'. I have not found a solution for this unfortunately...but maybe somebody knows something that I don't...

The workaround I have used when split-tunnel is req'd and the user cannot have admin privs is to use the Shrewsoft client with a straight IPsec connection; this way the routing is done by the Shrewsoft client. (You can also use XAuth if desired so that you can tie into AD/LDAP for user auth, similar to L2TP.)
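As an added example, not code from either poster: the Windows-side half of the split-tunnel setup discussed above, using the built-in VPN client cmdlets instead of a CMAK profile. The server name, the PSK placeholder and the lan1 subnet 192.168.1.0/24 are assumed values; whether a non-admin user is allowed to create this per-user connection in your environment is the thing to test.

```powershell
# Added example (not from the thread): built-in Windows client, L2TP/IPsec with split tunnel.
# Assumed values: USG public address, PSK placeholder, and lan1 subnet 192.168.1.0/24.
$Name   = "USG100-L2TP"
$Server = "vpn.example.com"          # assumed: public address of the USG 100
$Lan    = "192.168.1.0/24"           # assumed: lan1 subnet behind the USG

# Per-user connection (no -AllUserConnection), L2TP with a pre-shared key.
# -Force suppresses the prompt about storing the PSK in the phonebook.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk "<PSK from the USG VPN gateway>" -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required -SplitTunneling $true -RememberCredential -Force

# With SplitTunneling on, only the listed prefixes are routed into the tunnel;
# everything else keeps using the client's own default gateway.
Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $Lan

# Check: SplitTunneling should be True and Routes should contain the LAN prefix.
Get-VpnConnection -Name $Name | Select-Object Name, TunnelType, SplitTunneling, Routes
```

After connecting, `Get-NetRoute -DestinationPrefix $Lan` should show the LAN prefix via the VPN interface while the default route (0.0.0.0/0) still points at the local gateway.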
EzNetwork (Member, join:2015-02-22)

Thank you for the reply gb5102. In fact...I'm already using Shrewsoft, but I'm investigating a simpler solution that doesn't require extra software.
I'm thinking that...maybe using 1:1 NAT for some internal IPs...may do the trick. I'll test that.
JPedroT (Premium Member, join:2005-02-18) to EzNetwork
If memory serves me correctly, L2TP split tunneling is a vendor extension and not a part of the standard.

So the question is, do Windows and ZyWALL support it?