Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

JohannesTN
Starting out
Posts: 12
Joined: Thu Aug 04, 2016 12:00 am

Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by JohannesTN »

Hello Forum :D

I have set up the L2TP/IPsec VPN on my QNAP via QVPN and it works, but not exactly like I would like it to.

I have configured the built-in VPN capabilities in Windows 10 to connect to the VPN, and this works by default, which routes all my network traffic through the VPN, which also means that I have no trouble reaching local resources like my NAS on 192.168.1.100 or by hostname.

The thing is that I would prefer a split-tunnel setup where "regular" traffic destined for the Internet is not routed over the VPN. Only attempts to reach local resources should be routed through the VPN.

I went to the advanced settings of the VPN NIC created by Windows, here I disabled the option "Use standard gateway of remote network" to enable split tunneling - now all traffic routes through whatever connection I'm on instead of through the VPN, but this also means that I can't reach local resources like my NAS, not by ip or hostname.

I then tried adding a static route like this: route add 192.168.1.100 mask 255.255.255.255 192.168.2.1 - this enables me to ping and access the NAS by ip (still can't do it by hostname...) while Internet traffic is still routed through whatever connection I'm on - this is what I wanted to achieve :)


I would like to be able to access all of my internal resources when connected through the VPN, but do I really have to add static routes to all of those in order for this to probably work... ? Maybe there is another way of achieving the same, that I don't know :)

Also, it would be a plus to be able to reach the resources by hostname like I normally can. My router is located at 192.168.1.1 and is acting as DNS server which hands out Google's DNS servers over DHCP. What would it take to be able to access resources by hostname?


Thanks in advance.

Best regards
Joe
AlastairStevenson
Experience counts
Posts: 2415
Joined: Wed Jan 08, 2014 10:34 pm

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by AlastairStevenson »

> I then tried adding a static route like this: route add 192.168.1.100 mask 255.255.255.255 192.168.2.1

I may be wrong on this - nowhere near a Windows machine to check it - but presumably you need to add a route for the network instead of the host, e.g.

    route add 192.168.1.0 mask 255.255.255.0 192.168.2.1
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.
JohannesTN
Starting out
Posts: 12
Joined: Thu Aug 04, 2016 12:00 am

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by JohannesTN »

I just tried, and this does indeed enable me to access all local devices, so that works :-)

Do you know if I really have to add this static route every time, or is there some setting somewhere that I am not aware of?

Thank you
JohannesTN
Starting out
Posts: 12
Joined: Thu Aug 04, 2016 12:00 am

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by JohannesTN »

Also I would still like to know how to access the devices by hostname, if anyone knows.
AlastairStevenson
Experience counts
Posts: 2415
Joined: Wed Jan 08, 2014 10:34 pm

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by AlastairStevenson »

> Do you know if I really have to add this static route every time, or is there some setting somewhere that I am not aware of?

There is a -p command option that makes the route persistent across reboots.

> Also I would still like to know how to access the devices by hostname, if anyone knows.

A rather crude and old-fashioned method, in the absence of name services, is to add the host / IP address pairs into the /Windows/System32/drivers/etc/hosts file.
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.
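
The steps discussed so far in the thread (split tunnelling, a route for the home subnet, and hosts-file entries) can be scripted in PowerShell. This is an added example, not code from any poster: it uses Add-VpnConnectionRoute to tie the route to the VPN connection as an alternative to "route -p", and it assumes a per-user VPN connection named Home-L2TP and a NAS host name "nas" (both hypothetical), run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values: $VpnName and the host name 'nas' are hypothetical;
# the subnet and the NAS address are the ones quoted in the thread.
$VpnName   = 'Home-L2TP'
$LanPrefix = '192.168.1.0/24'
$HostMap   = @{ 'nas' = '192.168.1.100' }

# 1. Split tunnelling: the scripted form of unticking the remote-gateway option.
Set-VpnConnection -Name $VpnName -SplitTunneling $true

# 2. Bind the LAN route to the VPN connection. Windows installs it when the
#    tunnel comes up and removes it on disconnect, so no gateway address is
#    hard-coded (unlike "route -p add", which stays in the table permanently).
$routes = (Get-VpnConnection -Name $VpnName).Routes
if (-not ($routes | Where-Object { $_.DestinationPrefix -eq $LanPrefix })) {
    Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $LanPrefix
}

# 3. Hosts-file entries, added only when the name is not already mapped on a
#    non-comment line. The leading newline guards against a file whose last
#    line has no terminator.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$lines     = @(Get-Content -Path $hostsPath)
foreach ($name in $HostMap.Keys) {
    $mapped = '^\s*[^#\s]+\s+([^#]*\s)?' + [regex]::Escape($name) + '(\s|#|$)'
    if (-not ($lines -match $mapped)) {
        Add-Content -Path $hostsPath -Value ("`r`n{0}`t{1}" -f $HostMap[$name], $name)
    }
}

# 4. With the VPN connected, show the local address and route Windows would
#    use to reach the NAS; the interface should be the VPN adapter.
Find-NetRoute -RemoteIPAddress $HostMap['nas']
```

Because the route lives in the connection profile, it only exists while the tunnel is up, so traffic for 192.168.1.0/24 is not sent toward a stale gateway on whatever network the laptop happens to be on.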
JohannesTN
Starting out
Posts: 12
Joined: Thu Aug 04, 2016 12:00 am

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by JohannesTN »

Oh yea, the hosts file could be my rescue.

- It is not that clear to me what I would need on my network to be able to access the devices by hostname when connected through VPN... Do you have an idea on this? - I guess it would be something with a local DNS server on my home network, and then set the VPN NIC to use that as DNS server - but if that's "just" it, I don't fully understand why it works without a dedicated DNS server when I am directly connected to my home network, but not when connected through the VPN :)
JohannesTN
Starting out
Posts: 12
Joined: Thu Aug 04, 2016 12:00 am

Re: Configure L2TP/IPsec vpn on Windows to only use vpn for internal resources?

Post by JohannesTN »

No one with an idea of what I need to access devices by hostname when connected through VPN? :)