I’m using the Windows L2TP/IPsec client but I do not want to send everything through the VPN interface, which is the default behavior in the Windows L2TP/IPsec implementation.
When an L2TP/IPsec client connects to a NetWall firewall, it will send a DHCP inform message in the L2TP connection to request that the server forwards any additional DHCP options that may be configured. One of the options it requests is “Static Route”.
A solution in a few simple steps:
- Configure a DHCP Relay object in cOS Core that listens on the relevant L2TP Interface and forwards requests to the MS DHCP Server.
2. Configure the DHCP Scope in Windows to only include the IP and subnet of the L2TP Interface and remove any unused options (i.e. DNS, router and so on).
3. Add option 121 with the routes needed, with the IP of the L2TP Interface as the router IP.
Note that this solution has been tested by Clavister with both OS X and Windows clients.
Note: Some administrators may wonder why we cannot use a DHCP server that is set up in cOS Core itself. The reason for this is that the cOS Core DHCP server does not send the specific option format that the client needs in order to accept the route. This is a known limitation in cOS Core and may be subject to change in the future. Using an MS DHCP server is a good workaround until then (note that the internal Clavister R&D ID for this issue is COP-15720).
11 Jan, 2023 ipsec core vpn
24 Mar, 2023 core ipsec ippool dhcp
12 Apr, 2023 core proxyarp arp ipsec routing
23 Aug, 2022 core certificate oneconnect ipsec vpn
23 Nov, 2022 core ipsec
21 Feb, 2023 ipsec certificate windows ca core
22 Mar, 2021 core ipsec routing
13 Apr, 2023 core routing ospf ipsec
17 Jun, 2021 core ipsec routing
8 Mar, 2023 core l2tp ipsec
20 Feb, 2023 core vpn ipsec
4 Aug, 2023 core ipsec troubleshoot ike
14 Apr, 2021 core license ipsec
8 Sep, 2020 core ipsec rules access
29 Mar, 2023 ipsec core windows vpn l2tp
5 Apr, 2023 ipsec core
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
7 Dec, 2022 ipsec ike troubleshoot core
14 Dec, 2022 core ipsec
5 Apr, 2023 core nps ipsec radius legacy
14 Mar, 2023 core ipsec vpn ikev2 certificate
23 Aug, 2022 core ipsec license memory
15 Mar, 2023 core ipsec ipv6
30 Nov, 2020 howto core cloud-init dhcp
23 Aug, 2022 core connections ipsec memory
13 Feb, 2023 ipsec core routing failover