I’ve set up IPSec VPN with PSK on ipfire v154, and the main problem is that connected roadwarrior clients only resolve DNS names when IPSec’s Local Subnet is set to 0.0.0.0/0.
And when setting it to 0.0.0.0/0, all the Roadwarriors’ traffic is routed through our Office’s ipfire-firewall…
I would prefer to have split-tunneling, but if I set IPSec’s Local Subnet to 192.168.64.0/24, then I can’t ping any host in the domain *.office.local.
Here are my settings:
Green network: 192.168.64.0/24
DHCP-Server is up with domain: office.local on 192.168.64.1
Split tunneling is possible, though it’s more of a challenge for different clients. You don’t specify what OS you are using, but in Windows, one can go to the adapter, edit the advanced options under the IPv4 settings, and uncheck the box to use the default gateway on the remote side. That enables split tunneling.
Also, you can use PowerShell Set-VpnConnection to enable Split Tunneling.
Set-VpnConnection -Name "My VPN Connection Name" -SplitTunneling $true
If you use a configuration profile, it’s possible to control many more parameters, but DNS and split tunneling are a challenge for Apple clients, I think.
Hi!
I checked with the actual version (on a mobile phone with PSK auth, which is the only working config for me),
and it’s still like you write here… using 0.0.0.0/0 all is still OK, but when you want to route only traffic to your local net via VPN (e.g. 192.168.1.0/24), DNS is broken for some reason…
So have you actually edited the file /etc/strongswan.d/charon/attr.conf (via an SSH connection to your firewall), as described in the thread “IPSec on macOS and split tunneling”?
This should also work on Android.
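As an added illustration (not taken from any post in this thread, and not IPFire’s or strongSwan’s shipped file), this is what the attr.conf edit referred to above looks like. The path is the one named in the thread, the `load` and `dns` keys are the strongSwan attr plugin’s own option names, and 192.168.64.1 is the green/DHCP address from the first post; the only assumption is that this is the DNS server you want the roadwarriors to use.

```conf
# /etc/strongswan.d/charon/attr.conf  (path as given in the thread)
#
# Before the edit the section typically only loads the plugin, so no DNS
# server is handed to a roadwarrior unless its whole traffic (0.0.0.0/0)
# already flows through the tunnel. After the edit, strongSwan answers the
# client's INTERNAL_IP4_DNS request with the green-side resolver, which is
# reachable through the tunnel as soon as the Local Subnet is 192.168.64.0/24.
attr {

    # Keep the plugin enabled; without it the keys below are ignored.
    load = yes

    # DNS server pushed to roadwarriors that receive a virtual IP.
    # 192.168.64.1 = green interface / DHCP server from the original post
    # (assumption: this is also the resolver that knows *.office.local).
    dns = 192.168.64.1

}
```

After saving, restart the IPSec service from the IPFire web interface (or reconnect the clients) so charon re-reads the file, then check on the client that the pushed nameserver is 192.168.64.1 and that a lookup of a *.office.local name goes out through the tunnel. Whether the client uses that server only for the VPN domain or for everything is client behaviour, which is the split-DNS challenge mentioned earlier in the thread for Apple and mobile clients.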