L2TP/IPSec Split Tunneling Problem

Hello,

I have a problem setting up an L2TP/IPsec server on VyOS. I have tried both version 1.1 and 1.2, same problem.

I would like to achieve that only certain traffic from the VPN client flows to the VPN server, so that only traffic to four networks goes over the VPN: 172.16.0.0/24, 172.16.4.0/24, 172.16.7.0/24 and 172.16.8.0/24.

When I set the following commands:

set vpn ipsec nat-networks allowed-network 172.16.0.0/24
set vpn ipsec nat-networks allowed-network 172.16.4.0/24
set vpn ipsec nat-networks allowed-network 172.16.7.0/24
set vpn ipsec nat-networks allowed-network 172.16.8.0/24

then, when the VPN is connected, I don't see any networks in the host routing table from the following commands. It seems the VPN client isn't installing network routes.

But if I set the command in the following manner:

set vpn ipsec nat-networks allowed-network 0.0.0.0/0

the VPN client installs a default route into the host routing table.

For the VPN client I use the native L2TP/IPsec client.

Could you please advise how I can solve my problem.

Here is the complete L2TP/IPsec VPN configuration.

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn l2tp remote-access outside-address 95.213.170.75
set vpn l2tp remote-access client-ip-pool start 10.0.10.20
set vpn l2tp remote-access client-ip-pool stop 10.0.10.30
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret password
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username user password password
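Added example, not part of the original post and not VyOS code: with L2TP/IPsec the server does not push routes, so what lands in the client's routing table is decided on the client side. Assuming the "native" client is the Windows built-in one (an assumption; the post does not say which OS), the connection name VyOS-L2TP and the PSK placeholder are assumptions, and the server address and the four networks are the ones from the post, this is how a practitioner would restrict the tunnel to those four networks with the VpnClient PowerShell cmdlets:

```powershell
# Added example (not from the original post): configure the Windows built-in
# L2TP/IPsec client for split tunneling so that only the four 172.16.x.0/24
# networks are routed over the VPN. Assumes a Windows 8.1/10/11 client with the
# VpnClient PowerShell module; the connection name "VyOS-L2TP" and the PSK
# value are assumptions, the server address is the one from the post.

$ConnName = 'VyOS-L2TP'
$Server   = '95.213.170.75'
$Psk      = 'password'   # placeholder matching the post; use a long random secret in practice
$VpnNets  = '172.16.0.0/24', '172.16.4.0/24', '172.16.7.0/24', '172.16.8.0/24'

# Create (or re-create) the connection. -Force overwrites an existing entry of the same name.
Add-VpnConnection -Name $ConnName -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod MSChapv2 -RememberCredential -Force

# Turn off "use default gateway on remote network": no 0.0.0.0/0 route is
# installed when the tunnel comes up, so only explicitly added prefixes use it.
Set-VpnConnection -Name $ConnName -SplitTunneling $true

# Add a per-connection route for each network that must go through the tunnel.
# These routes exist only while the connection is up.
foreach ($net in $VpnNets) {
    Add-VpnConnectionRoute -ConnectionName $ConnName -DestinationPrefix $net
}

# Verify the routes attached to the connection profile.
Get-VpnConnectionRoute -ConnectionName $ConnName | Format-Table DestinationPrefix, RouteMetric

# After dialing (rasdial $ConnName <user> <password>), check the live routing table:
#   Get-NetRoute -DestinationPrefix 172.16.0.0/24
# and confirm that no 0.0.0.0/0 route is bound to the VPN interface.
```

The check that matters after connecting is the second one: a 0.0.0.0/0 route bound to the VPN interface means split tunneling is still off and all traffic, not just the four networks, is being sent to the server.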