One-click IPsec VPNs for Apple iOS

If someone needs IPSec Split-Tunneling (tested for macOS) so that the traffic is split between Roadwarrior’s local network and the ipfire/office-network (by default the whole traffic is routed through ipfire/office’s network, which is not always desired):

Just edit /etc/strongswan.d/charon/attr.conf on ipfire and add the attribute:
25 = myoffice.local

Then restart ipfire’s ipsec:
#ipsec restart

You can also narrow your “Local Subnet” from 0.0.0.0 to e.g. 192.168.64.0/24 (for example, if the myoffice.local subnet is 192.168.64.0/24) instead of 0.0.0.0/0.

See the original article here: StrongSwan, IKEv2, Split DNS and iOS
And the discussion here: IPSec on macOS and split tunneling - #14 by cgil

Also, it would be great to have this feature in IPSec’s WebUI, since setting “DNS Server” doesn’t directly enable split-tunneling… at least for me.

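The attr.conf edit described in the post above, as an added example that is not part of the original post or of IPFire: a shell function that sets attribute 25 inside the `attr { }` block idempotently, validates the domain so it cannot carry extra settings into the file, and keeps a backup. The function names and the sample file are assumptions made for illustration; the sample is constructed, not copied from an IPFire system.

```sh
# Constructed sample of a strongSwan attr.conf, for trying the function offline.
sample_attr_conf() {
    cat <<'EOF'
attr {
    # <attr> =
    load = yes
}
EOF
}

# set_split_dns_domain FILE DOMAIN (hypothetical helper name)
# Sets "25 = DOMAIN" in FILE. 25 is the IKEv2 INTERNAL_DNS_DOMAIN
# configuration attribute (RFC 8598).
set_split_dns_domain() {
    conf=$1
    domain=$2
    # Accept only plain DNS name characters, so the value cannot add
    # further key/value pairs or comments to the config.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v d="$domain" '
        # Existing entry: replace the first one, drop any duplicates.
        /^[ \t]*25[ \t]*=/ {
            if (!done) { print "    25 = " d; done = 1 }
            next
        }
        /^[ \t]*attr[ \t]*[{]/ { in_attr = 1 }
        # No entry yet: add it just before the block closes.
        in_attr && /^[ \t]*[}]/ {
            if (!done) { print "    25 = " d; done = 1 }
            in_attr = 0
        }
        { print }
        END { exit (done ? 0 : 1) }
    ' "$conf" > "$tmp" || {
        rm -f "$tmp"; echo "no attr { } block in $conf" >&2; return 1
    }
    # Keep a backup; overwrite in place to preserve owner and mode.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

On the firewall this would be called as `set_split_dns_domain /etc/strongswan.d/charon/attr.conf myoffice.local`, followed by the `ipsec restart` from the post.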