Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lestopace
Staff
Staff

Created on ‎04-11-2022 07:34 AM Edited on ‎01-17-2025 06:32 AM By Moderator

Article Id 208910

Technical Tip: How to enable split-tunneling in Windows 10/11 (L2TP/PPTP VPN)

Description This article describes how to enable split-tunneling in Windows 10 (L2TP/PPTP VPN).
Scope FortiGate.
Solution

In this example, L2TP was used.

 

lestopace_7-1649469982057.png

 

All traffic from this machine is going through the FortiGate.

 

lestopace_9-1649470157892.png

 

To enable split-tunneling:

 

  1. Go to L2TP properties in Control Panel\Network and Internet\Network Connections.

 

lestopace_2-1649469341765.png

 

  1. Then on the VPN Connection Properties window, go to the Networking tab, select Internet Protocol Version 4 (TCP/IPv4), and select Properties.

 

lestopace_3-1649469467746.png

 

  1. On the Internet Protocol Version 4(TCP/IPv4) Properties, select Advanced.

 

lestopace_4-1649469586063.png

 

  1. Deselect the Use default gateway on the remote network box and try to reconnect to the VPN.

 

lestopace_0-1649470281921.png

 

Results:

 

A split-tunnel route has automatically been created to its respective classful address.

 

lestopace_8-1649470057331.png

 

For Windows 11:

 

  1. Open the search bar and look for the settings:
                                                                            
    Screenshot 2025-01-07 145400.jpg                                                                                      
  2. Go to Network & Internet and VPN:
                                                                
    Screenshot 2025-01-07 145453.jpg                                                                                    
  3. Select the VPN connection and select Advanced Options:
                                                                     
    Screenshot 2025-01-07 145621.jpg                                                                      
  4. On the VPN selected, select Edit on More VPN properties:
                                                                                           
    Screenshot 2025-01-07 145658.jpg 
  5. In the Properties menu go to Networking, select Internet Protocol Version 4 (TCP/IPv4), and select Properties:
                                                                                  
    Screenshot 2025-01-07 145731.jpg                                                                                 
  6. Once in the Advance TCP/IP Settings, go to IP Settings and unselect the Use default gateway on remote network option:
                                                                            

Screenshot 2025-01-07 145815.jpg

 

 

Note:
This method will prevent the VPN from injecting the default route using the VPN tunnel interface. To enable split-tunneling to other local subnets, refer to Technical Tip: Split tunneling on L2TP/IPSEC VPN between FortiGate and Windows 10.


If the users are unable to access the Internet after applying the above configuration, follow the steps outlined in this article for a solution: Resolving Internet Connectivity Issues with L2TP.
9025
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.