Thanks to ipfire v158 it’s easier than ever to allow macOS and iOS devices to connect via IPSec directly, no third-party app required.
It works great on macOS Catalina 10.15.7 & Big Sur 11.5.2 for IPsec Roadwarrior & Certificate, but I have to set “Local Subnet” to “0.0.0.0/0” to have access to the office’s local DNS, or else the DNS names will not resolve (even if the DNS server is set manually).
Sadly, all traffic then routes through the IPsec VPN, which is not desired if you have a lot of connected IPsec connections… so split tunneling would be the solution: allow connections to the office’s network, but route other traffic via the home router.
Here are the commands for split tunneling for Cisco IPsec on macOS, but they don’t seem to work for me:
(192.168.64 is the office’s network / 192.168.178.1 is my home router “fritzbox”)
sudo route -nv add -net 192.168.64 -interface ipsec0
sudo route change default 192.168.178.1
A better solution would of course be to have split tunneling directly in the IPFire IPsec configuration… at least a Cisco Unity plugin existed for strongSwan a long time ago: [strongSwan] Need help with StrongSwan & Mac OS X split tunneling
Or does anyone have another suggestion on how to implement split tunneling via /etc/ipsec.user.conf?