Closed e-wu closed 5 years ago
Done. However, normal split tunnel routes traffic through the default gateway, which would be internet first. The VPN gateway would have static routes for all CIDRs that must go through the VPN. This results in a very large and unmaintainable list.
To do YouTube, it's 49 entries.
What we wanted was inverse split tunnel which appears to not be supported by SoftEther. Unsure if Fortinet supports it as can't access the product. Cisco may.
Change approach again (fail fast). Leverage the server as VPN and turn off split tunnel. Let's try client-based routing, as it has the ability to look at domain names instead. For example, YouTube has many IPs depending on what region of the world you're in. So, if we can whitelist domains, it'll be easier.
The feature we'll use is Microsoft Always On VPN. It allows:
Flipping the product to OpenSwan as need IKEv2 support.
Install SoftEther