IPSec on macOS and split tunneling

SOLVED! macOS split-tunneling works now! Tested on macOS Big Sur 11.5.2.
No need to edit the profile file; just edit /etc/strongswan.d/charon/attr.conf. Read on:

At first I didn’t see the Frakkingsweet article that @cfusco posted earlier:
https://www.frakkingsweet.com/strongswan-ikev2-split-dns-and-ios/

Just edit /etc/strongswan.d/charon/attr.conf for Split-Tunneling on macOS (and iOS too) and add the line:

25 = myoffice.local

Of course change myoffice.local to your internal DNS name.

So /etc/strongswan.d/charon/attr.conf looks like:

# Section to specify arbitrary attributes that are assigned to a peer via
# configuration payload (CP).
attr {
    # Add the following for IPSec split-tunnel
    # See https://www.frakkingsweet.com/strongswan-ikev2-split-dns-and-ios/
    #
    25 = myoffice.local

    # <attr> is an attribute name or an integer, values can be an IP address,
    # subnet or arbitrary value.
    # <attr> =

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes
}

I also narrowed the Local Subnet to 192.168.64.0/24 instead of 0.0.0.0/0 in IPSec WebUI > edit Connection.

Then restart IPsec:
# ipsec restart

Finally, IPsec split-tunneling should work! Hope this helps others…
It would be great to have this option in the IPSec WebUI…

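The procedure above, as an added example that is not part of the original post or of strongSwan: a POSIX shell script that idempotently sets attribute 25 (the IKEv2 INTERNAL_DNS_DOMAIN configuration-payload attribute from RFC 8598, the one the Frakkingsweet article relies on) inside the attr { } section of attr.conf, rejects anything that is not a plausible domain name before it touches a root-owned daemon config, and reads the value back so the change can be checked. The config path, the domain names and the stock attr.conf layout rebuilt for the stand-alone demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from strongSwan): manage the
# "25 = <domain>" line (IKEv2 INTERNAL_DNS_DOMAIN, RFC 8598) in attr.conf.
# Path, domains and the sample attr.conf layout below are assumptions.
set -eu

# Insert or replace "25 = <domain>" inside the attr { ... } block of FILE.
# Usage: set_split_dns_domain /etc/strongswan.d/charon/attr.conf myoffice.local
set_split_dns_domain() {
    file=$1
    domain=$2
    # Only letters, digits, dots and hyphens; no empty, leading- or trailing-dot
    # names. Everything else is refused rather than written into the daemon config.
    case "$domain" in
        *[!A-Za-z0-9.-]*|''|.*|*.)
            echo "invalid domain: $domain" >&2
            return 1 ;;
    esac
    tmp="$file.tmp.$$"
    awk -v dom="$domain" '
        # Track whether the current line is inside the attr { ... } block.
        /^[[:space:]]*attr[[:space:]]*\{/ { inattr = 1 }
        # An existing attribute-25 line: rewrite the first, drop any duplicates.
        inattr && /^[[:space:]]*25[[:space:]]*=/ {
            if (!done) { print "    25 = " dom; done = 1 }
            next
        }
        # Closing brace of attr {} without an attribute-25 line seen: add one.
        inattr && /^[[:space:]]*\}/ && !done {
            print "    # IKEv2 INTERNAL_DNS_DOMAIN (attribute 25): split DNS for macOS/iOS"
            print "    25 = " dom
            done = 1
        }
        /^[[:space:]]*\}/ { inattr = 0 }
        { print }
    ' "$file" > "$tmp"
    mv "$tmp" "$file"
}

# Print the domain currently set as attribute 25 in FILE; fail if there is none.
get_split_dns_domain() {
    awk '
        /^[[:space:]]*attr[[:space:]]*\{/ { inattr = 1 }
        inattr && /^[[:space:]]*25[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); print; found = 1; exit
        }
        /^[[:space:]]*\}/ { inattr = 0 }
        END { exit !found }
    ' "$1"
}

# Stand-alone demo on a constructed copy of the stock attr.conf (assumed layout).
# Against the real file, run as root: set_split_dns_domain /etc/strongswan.d/charon/attr.conf myoffice.local
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
attr {
    # <attr> =
    load = yes
}
EOF
set_split_dns_domain "$demo_file" myoffice.local
echo "attribute 25 is now: $(get_split_dns_domain "$demo_file")"
rm -f "$demo_file"
```

After editing the real file, restart the daemon (ipsec restart, as in the post) so charon re-reads attr.conf. Attribute 25 only tells the Apple client which domain to resolve through the tunnel's DNS server; which traffic actually enters the tunnel is decided by the traffic selector, so narrowing the 0.0.0.0/0 subnet in the connection settings, as the post does, is the step that keeps the rest of the traffic local.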