Configure a VPN for Split Tunnel Client


  1. Configure Split Tunnel for Windows
  2. Split Tunnel Configuration for OS X
  3. Check the connection

Cisco Meraki Client VPN only creates full-tunneled connections, which will route all client traffic through the VPN to the configured MX. As such, any content filtering, firewall or traffic rules will apply to the VPN client’s outbound traffic.

For remote workers or users whose traffic should not be restricted in the same way, clients can be configured to use split tunneling, so that traffic is routed through the VPN only when necessary.

This article includes instructions for configuring the VPN for the split tunnel client on Windows and Mac OS X. For the standard VPN client configuration on Windows and Mac OS X, please refer to the VPN Client Setup Guide. The rest of this article assumes that the VPN is already set up this way.

Note: This configuration involves manually adding entries to the client routing table, and should only be followed by users who have a thorough understanding of routing mechanisms.

Configure Split Tunnel for Windows

First, modify the properties of the VPN connection so that it is not used as the default gateway for all traffic:

  1. Go to Control Panel > Network and Sharing Center > Change adapter settings
  2. Right-click on the VPN connection, then choose Properties
  3. Select the Networking tab
  4. Choose Internet Protocol version 4 (TCP/IPv4) and click Properties
  5. Click Advanced
  6. Uncheck the “Use default gateway on remote network” box
  7. Click OK to apply the changes to the interface

Next, add the routes for the required VPN subnets. This must be done while the VPN tunnel is connected:

  1. Open Command Prompt (hold Windows key and press “R”)
  2. Type “ipconfig /all” and press Enter (Note: the VPN name will not be displayed unless you are connected to the VPN)
  3. Under the list of interfaces, find the description of the previously created VPN connection. This will be required later.
  4. Run the command below, replacing the relevant information between the <> tags:
    Note: Destination subnet refers to the local LAN subnet (in CIDR notation) at the device's location, not the Client VPN subnet specified in the dashboard.

netsh interface ipv4 add route <destination subnet> "<interface name>"

Use the same command, replacing “add” with “delete”, to remove the route.

Split Tunnel Configuration for OS X

First, disable the full tunnel (all traffic through the VPN):

  1. Go to the OS X-specific VPN settings, located under System Preferences > Network.
  2. Click Advanced Settings
  3. Under the “Options” section, uncheck “Send all traffic via VPN”

Add a new route to the local routing table:

  1. Connect to Client VPN
  2. Open the Terminal application; this is usually located in Applications > Utilities > Terminal
  3. Check which PPP interface is used by the Client VPN; this can be done by typing ‘ifconfig’
  4. As a superuser, enter the following command, replacing the relevant information between the <> tags:
    Note: Destination subnet refers to the local LAN subnet at the device's site, not the Client VPN subnet specified in the dashboard.

route add -net <destination subnet> -netmask <subnet mask> -interface ppp0

To check that the route has been added, look at the routing table; the new subnet should now have an entry. The routing table can be displayed by typing “netstat -r”.

The routing table must be modified based on the networks that will be accessed via the Client VPN (for example, more than one network behind the hub). The interface will also have to be modified if there is more than one VPN configured on the client.

Check the connection

Now that the route is added, a traceroute can be run to check which path traffic takes. All internet traffic should leave through the normal interface and all VPN traffic should leave through the PPP interface.
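The routing-table check described above can also be scripted. The following is an added example, not part of the original article: it reads a macOS-style "netstat -rn" table and reports whether the client is split-tunnelled or still sends its default route through the VPN. The interface names, subnets and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a macOS-style `netstat -rn` table as split or full tunnel.
# Live use (assumption): netstat -rn -f inet | audit_routes ppp0

# Emit "<destination> <netif>" per IPv4 route; the header line locates the
# Netif column because its position differs between macOS releases.
route_pairs() {
    awk '
        $1 == "Internet6:"  { exit }
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        col && NF >= col    { print $1, $col }
    '
}

# audit_routes <vpn-if>: table on stdin, verdict on stdout, status 0 only for a split tunnel.
audit_routes() {
    vpn_if=$1
    pairs=$(route_pairs)
    default_ifs=$(printf '%s\n' "$pairs" |
        awk '$1 == "default" { printf "%s%s", s, $2; s = "," }')
    vpn_dests=$(printf '%s\n' "$pairs" |
        awk -v v="$vpn_if" '$2 == v && $1 != "default" { printf "%s%s", s, $1; s = "," }')
    case ",$default_ifs," in
        *",$vpn_if,"*) echo "FULL-TUNNEL: default route on $vpn_if"; return 1 ;;
    esac
    if [ -z "$vpn_dests" ]; then
        echo "NO-VPN-ROUTES: nothing routed via $vpn_if"; return 2
    fi
    echo "SPLIT: default via $default_ifs; via $vpn_if: $vpn_dests"
}

# Constructed sample table (not captured from a real client).
sample_split_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
10.20/16           ppp0               USc           ppp0
10.99.0.1          10.99.0.20         UHr           ppp0
127.0.0.1          127.0.0.1          UH             lo0
192.168.1          link#4             UCS            en0      !
EOF
}

sample_split_table | audit_routes ppp0
```

Compare the destinations listed after "via ppp0" with the subnets that are meant to be reachable over the VPN; traffic to anything else bypasses the MX and its content filtering and firewall rules.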

Note: These steps must be repeated each time the VPN is brought up, but they can be placed in a script to make the changes quickly when needed. The specific process for this will largely depend on the operating system, the tools available, and the preferences of the administrator.
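One way to script the OS X step, as an added example that is not part of the original article: it turns a list of LAN subnets in CIDR notation into the "route add" commands shown earlier, and refuses a /0 entry because that would send all traffic through the VPN again. The subnets and the APPLY switch are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: rebuild the split-tunnel routes after each VPN connect (OS X syntax).
# The subnets below are constructed placeholders; use the site's own LAN subnets.

# prefix_to_netmask 20 -> 255.255.240.0
prefix_to_netmask() {
    p=$1
    case $p in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -le 32 ] || return 1
    mask=
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then octet=255; p=$((p - 8))
        else octet=$((256 - (1 << (8 - p)))); p=0
        fi
        mask=${mask:+$mask.}$octet
    done
    echo "$mask"
}

# route_cmd <cidr> <interface>: print the route command for one subnet.
route_cmd() {
    net=${1%/*}; prefix=${1#*/}
    [ "$net" != "$1" ] || { echo "not CIDR: $1" >&2; return 1; }
    # A /0 route would turn the split tunnel back into a full tunnel.
    [ "$prefix" != 0 ] || { echo "refusing default route: $1" >&2; return 1; }
    mask=$(prefix_to_netmask "$prefix") || { echo "bad prefix: $1" >&2; return 1; }
    echo "route add -net $net -netmask $mask -interface $2"
}

# apply_routes <interface> <cidr>...: dry run unless APPLY=1 (which needs root).
apply_routes() {
    ifc=$1; shift
    for cidr in "$@"; do
        cmd=$(route_cmd "$cidr" "$ifc") || return 1
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

# Dry run with constructed subnets: prints the commands without changing any routes.
apply_routes ppp0 10.20.0.0/16 192.168.50.0/24
```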
