mali2003
newbie
Topic Author
Posts: 26
Joined: Sat Oct 21, 2017 1:15 am

vpn server dont push default gateway

Sat Sep 22, 2018 11:56 am

Hello.
I have a VPN server activated on MikroTik, and a connected client pushes all traffic through the VPN server.
How do I configure a VPN server so that traffic only goes through the VPN when it should access a remote resource?
E.g. the client is a mobile phone, VPN via L2TP/IPsec to MikroTik, the remote resource is a server share or NAS; traffic to the remote goes through the VPN.
All normal traffic should use the public IP of my mobile phone.

mali2003
 
pe1chl
Forum Guru
Posts: 10542
Joined: Mon Jun 08, 2015 12:09 pm

Re: vpn server dont push default gateway

Sat Sep 22, 2018 2:34 pm

Sadly, this is not as easy as you might expect.
I have configured L2TP/IPsec on mobile phones (Android) as well, using the standard setup, and it behaves the same way.
There are some proprietary solutions to this problem but MikroTik does not support them, and I don't know if Android does.
 
mali2003
newbie
Topic Author
Posts: 26
Joined: Sat Oct 21, 2017 1:15 am

Re: vpn server dont push default gateway

Sat Sep 22, 2018 2:40 pm

What a pity...
I thought that would be an easy configuration thing, like an option in OpenVPN "push def. gw"..
Thanks for your reply.

If anybody has another suggestion, you are welcome :)
 
pe1chl
Forum Guru
Posts: 10542
Joined: Mon Jun 08, 2015 12:09 pm

Re: vpn server dont push default gateway

Sat Sep 22, 2018 3:54 pm

To understand it: in L2TP/IPsec the router does not "push the gw", it is the client that decides to "use the VPN peer as default gw".
Usually you can turn that off in the client, but I don't think that is even possible in Android VPN (it was some months ago that I set it up).
Anyway, once you turn off that option you would have to add routes for some specific subnet(s), and that would be the next problem...
Indeed OpenVPN normally would provide that function, but in the case of the MikroTik OpenVPN that is not possible either.... (very limited version)

So you are really out of luck here. About the only thing that can work is a bare IPsec configuration with IKEv2 with policy setup for the subnets you want to route.
But I think Android can only do that with certificates, so there is a little bit of studying ahead.
(how to generate/install certificates that are trusted on the client)
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: vpn server dont push default gateway

Sat Sep 22, 2018 11:37 pm

You can do this with IKEv1 road warrior mode-config, which should work with basically all devices (unlike IKEv2 which does not currently have such widespread support).

Details can be found in this video: https://www.youtube.com/watch?v=QlkIbx0Jpoo
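
The routing difference discussed in this thread, as an added example that is not part of any post: it compares a client routing table that uses the VPN peer as default gateway with one that only routes a remote subnet through the tunnel, and computes which address space actually leaves by each interface. The interface names (`l2tp0`, `wwan0`), the subnet 192.168.88.0/24 and the server address 203.0.113.1 are constructed assumptions.

```python
import ipaddress as ip

def net(s):
    return ip.ip_network(s)

def egress(table, dst):
    """Longest-prefix match: interface a destination leaves by (None if no route)."""
    addr = ip.ip_address(dst)
    hits = [(n, dev) for n, dev in table if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def effective(table, dev):
    """Collapsed networks that really leave via `dev` once more-specific routes win."""
    claimed, out = [], []
    for n, d in sorted(table, key=lambda r: -r[0].prefixlen):
        pieces = [n]
        for c in claimed:              # carve out space owned by more-specific routes
            nxt = []
            for p in pieces:
                if p.subnet_of(c):
                    continue           # fully shadowed by a more-specific route
                nxt.extend(p.address_exclude(c) if c.subnet_of(p) else [p])
            pieces = nxt
        claimed.append(n)
        if d == dev:
            out.extend(pieces)
    return list(ip.collapse_addresses(out))

def is_full_tunnel(table, physical_dev):
    """True when only host routes (e.g. to the VPN server itself) bypass the tunnel."""
    return all(n.prefixlen == 32 for n in effective(table, physical_dev))

# Constructed sample tables: (destination network, outgoing interface).
REMOTE_LAN = "192.168.88.0/24"      # assumed subnet behind the router
VPN_SERVER = "203.0.113.1/32"       # assumed public address of the VPN server

# Client uses the VPN peer as default gateway (behaviour described in the thread).
FULL_TUNNEL = [(net("0.0.0.0/0"), "l2tp0"), (net(VPN_SERVER), "wwan0")]

# Client keeps its own default route; only the remote subnet goes through the tunnel.
SPLIT_TUNNEL = [(net("0.0.0.0/0"), "wwan0"), (net(REMOTE_LAN), "l2tp0")]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "tunnel carries:", effective(table, "l2tp0")[:3],
              "| full tunnel:", is_full_tunnel(table, "wwan0"))
```
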