Hi Folks,
I’ve been experimenting with the Windows built-in VPN client to replace Cisco’s IPsec VPN client, which is no longer supported.
The feature I’m lacking (besides mobile device support) is selective split tunneling, or the ability to inject routes to a VPN client device.
My goal: all company subnets can be routed to/from a Windows SSTP VPN client, but public Internet access from the connected client does *not* go through the VPN tunnel.
The VPN client settings appear to be either route everything through the tunnel, or route only the one subnet that is assigned by DHCP.
Am I missing something here, or can anyone suggest a way of accomplishing this? It was very easy using Cisco, with an access-list defining the split-tunneling subnets.
thanks
You can enable split tunnelling in Windows 10 with PowerShell.
Set-VpnConnection "VPN Connection Name" -SplitTunneling $true
You can also create an XML VPN connectoid that has the split tunnelling flag as well as all the subnets you want to route to.
You can follow this guide.
See the System Centre Config Manager section for the XML and PowerShell script.
Just set the AlwaysOn flag to false if you don’t want AlwaysOn VPN.
Use this XML to add the routes:
<Route>
  <Address>10.10.10.0</Address>
  <PrefixSize>24</PrefixSize>
</Route>
See here for an example:
Never heard of SSTP.
Why don’t you use SSL VPN?
You can disable “Use default gateway on remote network” in the client’s “Adapter → IPv4/6 → Advanced” properties.
It’s enabled by default.
You can also use IKEv2 to connect from mobile devices to a Windows VPN server (at least on iOS, didn’t test other platforms). Supports certificate authentication etc.
Thank you. This looks like exactly what I’m looking for.
Edit: unless it requires Windows 10 Enterprise and SCCM, which it might do. I may end up having to add routes via a script.
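Pulling together the PowerShell split-tunneling answer above and the idea of adding the routes via a script, here is an added example (not posted by anyone in this thread) that creates a Windows SSTP connection, turns on split tunneling, and attaches a list of company subnets as connection routes. The connection name, server FQDN and subnet list are placeholders, and it assumes the Windows 10/Server VpnClient PowerShell module.

```powershell
# Added example: SSTP connection with split tunneling plus per-connection routes.
# Connection name, server address and subnets below are assumed placeholders.
$ConnectionName = 'Company VPN'                     # assumed name
$VpnServer      = 'vpn.example.com'                 # assumed SSTP server FQDN
$CompanySubnets = @('10.10.10.0/24', '10.20.0.0/16', '192.168.50.0/24')  # constructed list

# Create the connection in the current user's profile if it does not exist yet
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $VpnServer `
        -TunnelType Sstp -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required -RememberCredential
}

# Split tunneling clears "Use default gateway on remote network":
# only traffic matching routes attached to the connection enters the tunnel,
# everything else (public Internet) keeps using the local default gateway.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# Attach each company subnet as a route; Windows installs them when the
# tunnel comes up and removes them when it disconnects.
foreach ($prefix in $CompanySubnets) {
    $already = Get-VpnConnectionRoute -ConnectionName $ConnectionName -ErrorAction SilentlyContinue |
        Where-Object DestinationPrefix -eq $prefix
    if (-not $already) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Verify the flag and the configured routes
Get-VpnConnection -Name $ConnectionName | Select-Object Name, TunnelType, SplitTunneling
Get-VpnConnectionRoute -ConnectionName $ConnectionName | Select-Object DestinationPrefix, RouteMetric
```

After connecting, Get-NetRoute on the VPN interface should show only the listed prefixes, with 0.0.0.0/0 still pointing at the physical adapter.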
Not supported on latest Cisco ISRs. And requires additional licensing.
Edit: it also has poor throughput in my limited testing vs IPsec.
It should have less throughput than IPsec, as it operates on a higher layer. But from what I read of SSTP, it also works with SSL.
It does but feedback on performance has been pretty good by users. No stats to show, but no real complaints.