Perhaps you could copy and paste the lines you see that you are talking about.
Cheers - Bob
Default setting:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.102  4260
0.0.0.0              0.0.0.0          On-link      3.3.3.2        36
3.3.3.2              255.255.255.255  On-link      3.3.3.2        291
The option "use default gateway..." unchecked:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.102  35
3.0.0.0              255.0.0.0        3.3.3.1      3.3.3.2        36
3.3.3.2              255.255.255.255  On-link      3.3.3.2        291
192.168.0.1 - local router LAN gateway
3.3.3.2 - local L2TP VPN interface
3.0.0.0 255.0.0.0 3.3.3.1 3.3.3.2 36
That's weird - what's going on inside your PC?
Cheers - Bob
That's what I am also trying to understand here, and this is not a PC issue. That route is pushed by the Sophos. The L2TP pool defined on Sophos is 3.3.3.0/24 and somehow it changes the mask. Nevertheless, with or without the correct mask, that route is still strange. What would have been the normal outcome of unchecking "use default gateway..."? What route should I have seen there? Because I see that all L2TP does is inject a default route with a better metric.
Not sure why you wouldn't just use the default subnets that the UTM has pre-configured. In any case, you haven't configured 3.3.3.0/24, you've configured 3.0.0.0/8.
Cheers - Bob
Bob, that is not right. I am using 3.3.3.0/24. Please check the file 3.3.3.0.jpg below.
Nevertheless, I followed your advice in using the default L2TP pool:
The result is exactly the same. Please check below the routing table on the client PC:
Default setting "use default gateway on remote network" checked:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.102  4260
0.0.0.0              0.0.0.0          On-link      10.242.3.2     36
Default setting "use default gateway on remote network" unchecked:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.102  35
10.0.0.0             255.0.0.0        10.242.3.1   10.242.3.2     36
Still summarizes to /8 and my subnets behind the firewall are inexistent here.
Do you see what I mean?
I don't have a way to reproduce this until next week, but I never use L2TP for any of my clients since the SSL VPN is so flexible. Maybe someone else has some input on this issue.
FWIW, 3.0.0.0/9 and 3.128.0.0/10 are Amazon IPs. 3.192.0.0/10 belongs to General Electric. Just curious, what benefit do you expect from using the 3. subnet for L2TP?
Cheers - Bob
I expect the benefit to work as it should. And as I said, it is 3.3.3.0/24, not 3. Sophos makes it 3. instead of how it defined it, exactly as it does with the default L2TP 10.254.3.0/24
The 3.3.3.0/24 subnet is not mandatory for me; I can change it to whatever subnet, but the point is different.
To avoid confusion, we can stick to the default pool 10.254.3.0/24.
I just confirmed that I also get 10.0.0.0/8 and that that causes me no problems. Fortunately, that entire subnet is reserved for private use. I'm not sure why that's done. The SSL VPN remote access connection is only a /24. Anyway, another good reason to not change the default VPN pools.
Cheers - Bob
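An added example, not part of the thread: a Python check over the route rows quoted above that flags any route bound to the VPN interface that is wider than the configured pool (here 3.0.0.0/8 against 3.3.3.0/24) and reports whether it also captures public address space. The function names and the sample string are constructed for this illustration.

```python
import ipaddress

# Constructed sample: the "unchecked" route rows as quoted in the thread.
SAMPLE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 35
3.0.0.0 255.0.0.0 3.3.3.1 3.3.3.2 36
3.3.3.2 255.255.255.255 On-link 3.3.3.2 291
"""

def parse_routes(text):
    """Yield (network, gateway, interface) for each five-column route row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header, separator or blank line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            iface = ipaddress.ip_address(cols[3])
        except ValueError:
            continue  # not an address row
        yield net, cols[2], iface

def audit_vpn_routes(text, vpn_ip, pool):
    """Flag routes on the VPN interface that are wider than the configured pool."""
    vpn_ip = ipaddress.ip_address(vpn_ip)
    pool = ipaddress.ip_network(pool)
    findings = []
    for net, gateway, iface in parse_routes(text):
        # Keep only strict supernets of the pool that leave via the VPN interface.
        if iface != vpn_ip or net == pool or not pool.subnet_of(net):
            continue
        findings.append({
            "route": str(net),
            "gateway": gateway,
            "full_tunnel": net.prefixlen == 0,
            # True when the route also captures publicly routable space
            "covers_public": not net.is_private,
            "extra_addresses": net.num_addresses - pool.num_addresses,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_vpn_routes(SAMPLE, "3.3.3.2", "3.3.3.0/24"):
        print(finding)
```

Run against the "checked" table instead, the same function reports the 0.0.0.0/0 On-link route with `full_tunnel` set.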