L2TP Remote access VPN 'split-tunneling'

Question

Dear Community, 
 For a client I am trying to get split-tunneling to work on an existing Sophos XG L2TP remote access VPN. I got it working on my test client machine by disabling the 'use gateway on remote network' checkbox and manually adding a route to the company subnets trough the vpn gateway address of the Sophos. And this works! 
 Now, to not have to add a route to all machines manually, I am looking for a better way of doing this. 
 In the 'Remote network details' section of the L2TP configuration I can specify a 'Remote subnet'. Will this be 'remote' for the client, or remote for the company network? 
 
 In other words; if I add the company subnet here, will it route all traffic from the client destined for the company network trough the VPN, and all other trough its own internet gateway? 
 If so, that would solve my problem :) 
 Best regards, 
 Jelle

KingChris · Accepted Answer

Hello Noxion 
 Do not change that unless you know the local network the user is coming from. 
 There is no way to achieve what you are trying to do. This is the inherent problem with L2TP. Either full tunnel with NO routes to add or split-tunnel and add routes. 
 You could try and utilize the Sophot Connect Client. This works off of IPsec tunneling protocols and provides a little more features that could be useful to you. 
 Thanks!

Noxion · Answer

Hello KingChris, 
 Thank you so much for your quick and clear answer! I think I'm going to advice my client to migrate to the Sophos Connect Client then. 
 Thanks again! 
 Regards, Jelle

L2TP Remote access VPN 'split-tunneling'

Top Replies