oryagel
New Member
January 24, 2012
Question

IPSec redirect all traffic to the VPN

  • January 24, 2012
  • 5 replies
  • 4563 views
Hi, I set up an IPsec VPN. I successfully connected with an iPhone. The iPhone can ping the internal network, but when it goes to sites like whatismyip.com I can see the 3G IP and not the VPN IP. How can I redirect all traffic to the VPN? Thanks

    5 replies

    ede_pfau
    SuperUser
    January 24, 2012
    You set the default gateway to the VPN tunnel: as destination network, instead of your private 192.168.x.y/24 you enter 0.0.0.0. Make sure that on your FortiGate you allow traffic from the tunnel to WAN with an additional firewall policy.
    oryagel (Author)
    New Member
    January 24, 2012
    Thanks. I don't understand what's wrong with the current configuration. Here it is:

        set type dynamic
        set interface "wan2"
        set dhgrp 2
        set xauthtype auto
        set mode-cfg enable
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set authusrgrp "VPN_Mobile"
        set default-gw 172.16.1.254
        set ipv4-start-ip 172.16.5.210
        set ipv4-end-ip 172.16.5.220
        set ipv4-netmask 255.255.0.0
        set dns-mode auto
        set ipv4-split-include "Private"
        set domain "XYZ"
        set psksecret XYZi
    abelio
    SuperUser
    January 24, 2012
    I don't understand what's wrong with the current configuration. Here it is:
              set ipv4-split-include "Private"
    Please, re-read Ede's post above once again; you've got the answer there. Textually from the official docs: ipv4-split-include <address_name>: Select the address or address group that the client can reach through the VPN. This information is sent to the client as part of IKE Configuration Method. This is available only if mode-cfg is set to enable.
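    Putting Ede's and abelio's answers together as a FortiOS CLI sketch (this is an added example, not configuration from the original thread or from Fortinet; the tunnel name "VPN_Mobile_p1" and the address object name "VPN_Mobile_pool" are assumptions, the interface, user group and client pool are the values oryagel posted, and a route-based phase1-interface tunnel is assumed):

```fortios
# Added example, not from the original thread. Assumes a route-based
# (phase1-interface) dialup tunnel named "VPN_Mobile_p1"; wan2, the user
# group and the client pool are the values from the posted config.

config vpn ipsec phase1-interface
    edit "VPN_Mobile_p1"
        set type dynamic
        set interface "wan2"
        set mode-cfg enable
        set authusrgrp "VPN_Mobile"
        set ipv4-start-ip 172.16.5.210
        set ipv4-end-ip 172.16.5.220
        set ipv4-netmask 255.255.0.0
        # Full tunnel: with no split-include, mode-cfg no longer tells the
        # client to reach only "Private" via the VPN, so it sends everything
        # through the tunnel and whatismyip.com sees the FortiGate's address.
        unset ipv4-split-include
    next
end

# Address object covering the mode-cfg pool (assumed name).
config firewall address
    edit "VPN_Mobile_pool"
        set type iprange
        set start-ip 172.16.5.210
        set end-ip 172.16.5.220
    next
end

# The extra policy Ede mentions: tunnel -> WAN, with NAT so Internet-bound
# client traffic leaves with the wan2 address (the "VPN IP" the web
# applications whitelist). The existing tunnel -> internal policy stays.
config firewall policy
    edit 0
        set srcintf "VPN_Mobile_p1"
        set dstintf "wan2"
        set srcaddr "VPN_Mobile_pool"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

    Two things to check after applying this: `edit 0` creates the policy with the next free ID, so make sure it sits above any policy that would deny the same traffic, and reconnect the iPhone so it picks up the new mode-cfg settings (the client only learns the split or full tunnel at IKE time). `get router info routing-table all` on the FortiGate should then show routes for the assigned pool addresses pointing into the tunnel interface.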
    ddskier
    New Member
    January 24, 2012
    Typically you don't want Internet traffic to route through your VPN tunnel. The VPN tunnel should only allow access to your "Private" systems.
    oryagel (Author)
    New Member
    January 24, 2012
    I understand. The thing is that we have a few web applications which allow access only from the VPN IP address. I want the VPN users to use these applications. How can I change the VPN so that all the traffic will route through it?
    oryagel (Author)
    New Member
    January 26, 2012
    Thanks. I want all traffic to route through the VPN, not just traffic to specific addresses. How should I configure this?