Hello everyone!
I hope someone can help me with this:
I have an L2TP+IPsec VPN (dial-up) configured on a Forti, and Windows clients are connecting fine.
I want these Windows clients to use the Internet through their own local default gateways; I don't want the clients to browse through the remote Fortinet.
Is it possible to create a VPN which I can use to connect from Windows to the remote network through the Forti while keeping the same local gateways?
Thanks in advance.
Regards,
Thanks a lot,
It seems it is what I need
Need some time to configure it
Regards
Hello,
I used this link to set up a new vpn
The VPN was created, but when I look at the VPN properties, in the network section there is a field named "Accessible Networks" in the "Split tunnel" part, and this field does not show anything, just a little circle as if it is searching for something.
I uploaded a screenshot to Google Photos, but it seems that is not supported here.
I used the CLI to remove the "Accessible Networks", but when I try to add a network, nothing appears; it only allows me to add a new network/IP range. I tried to create a new address object, but it does not appear as selectable either.
Any idea?
Thanks in advance
Regards!
Yes, if you enable split tunneling you can enter into Accessible Networks either the network you want or even a group of networks, using address objects. Then, upon connecting the VPN with FortiClient (or whatever you use), you get a network route for each of these networks. Your default route will not be touched. So you will have Internet as you have without the VPN and be able to reach the remote networks.
Without split tunneling the vpn will change your default route to the remote FGT upon connecting to enable you to get further.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi,
I'm hoping someone can please help me with this related problem.
I have an issue with split tunnelling on a dial-up IPsec VPN.
I have a working configuration which I set up via the wizard. Within that I have enabled split tunnelling and then entered the subnet I would like access to, with appropriate policies.
Clients use FortiClient VPN to connect.
When connected via this VPN tunnel, everything works as it should. Access to the sub-net specified above is routing through the VPN tunnel, but anything else goes directly from the remote client. Great.
I have set up another tunnel via the wizard with exactly the same settings, except for the accessible subnet. But I had to convert it to a custom configuration as I needed to add a peer ID to distinguish it from the first tunnel (I'm using the same public IP on the FW for both). Although I have the split tunnelling configured the same way on this tunnel, all traffic is being routed via the tunnel and not just the traffic to the specified subnet.
I have been checking this over and over and have found that this entry is being added to the routing table on the client:
Net Dest Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.29.232 192.168.29.231 2
as well as the default gateway which has a Metric of 50.
I have tried deleting this, but this causes the VPN connection to drop completely.
Note, that a similar entry is not added when using the wizard created tunnel that does work.
Please help as this is driving me crazy!
Thanks in advance.
For split tunneling, under the portal that you have created, set the network addresses that you want to go through the tunnel. One of the mistakes that I noticed at a client's site was that they had accidentally included 0.0.0.0 in it.
Example below (xyz is the name of your portal; the two address objects are the networks you want through the tunnel):
    config vpn ssl web portal
        edit "xyz"
            set split-tunneling enable
            set split-tunneling-routing-address "net-192.168.100.0" "net-192.168.101.0"
        next
    end
You will need to create these addresses in the address book first to use them in here.
Importantly, once you have done all these and saved the config, get the users to disconnect from vpn & again reconnect back to check.
route print or similar commands depending on OS will help you confirm this.
Hope it helps.
Update : I have now got this working.
I did have the network addresses specified as @suthomas1 says above.
The issue in my case was actually related to how the network IP range is specified for the Address object. It appears it must be specified as a "subnet" and not as a "range".
If this is not the case then appropriate routes are not created in the local routing table when the VPN connection is made.
I hope this helps someone else!
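As an added example (not code from any poster, from Fortinet, or from FortiClient), the script below checks the two things this thread settles, on the device side and on the client side: it parses a constructed FortiOS CLI excerpt and reports split-tunnel routing addresses that are a range rather than a subnet (no client route gets installed) or that are 0.0.0.0/0 (everything gets pulled into the tunnel), and it parses a constructed Windows "route print" excerpt, modelled on the one posted above, to say whether the client actually ended up in split or full tunnel mode. The portal name "xyz" and the address-object names net-lan-a, range-lan-b and all-internet are assumptions; the parser only handles the flat config/edit/set/next/end structure, not nested config blocks.

```python
# Added example, not from the thread or from Fortinet. The config excerpt and
# the route table below are constructed; the object names (net-lan-a,
# range-lan-b, all-internet) and the portal name (xyz) are assumptions.
import ipaddress
import re

SAMPLE_CONFIG = """
config firewall address
    edit "net-lan-a"
        set type subnet
        set subnet 192.168.100.0 255.255.255.0
    next
    edit "range-lan-b"
        set type iprange
        set start-ip 192.168.101.1
        set end-ip 192.168.101.254
    next
    edit "all-internet"
        set subnet 0.0.0.0 0.0.0.0
    next
end
config vpn ssl web portal
    edit "xyz"
        set split-tunneling enable
        set split-tunneling-routing-address "net-lan-a" "range-lan-b" "all-internet"
    next
end
"""

# Constructed, modelled on the client route table posted above: two default
# routes, the tunnel one winning on metric, plus the one split-tunnel route.
SAMPLE_ROUTE_PRINT = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.1    192.168.1.50     50
          0.0.0.0          0.0.0.0  192.168.29.232  192.168.29.231      2
    192.168.100.0    255.255.255.0  192.168.29.232  192.168.29.231      2
"""

def parse_fortios(text):
    """Flat config/edit/set/next/end parser -> {section: {entry: {key: values}}}."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        words = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', raw)]
        if not words:
            continue
        if words[0] == "config":
            section = " ".join(words[1:])
            tree.setdefault(section, {})
        elif words[0] == "edit" and section:
            entry = words[1]
            tree[section].setdefault(entry, {})
        elif words[0] == "set" and section and entry:
            tree[section][entry][words[1]] = words[2:]
        elif words[0] == "next":
            entry = None
        elif words[0] == "end":
            section = None
    return tree

def audit_split_tunnel(config_text, portal):
    """Findings for a portal: tunneling off, missing object, range object, 0.0.0.0/0."""
    tree = parse_fortios(config_text)
    p = tree.get("vpn ssl web portal", {}).get(portal)
    if p is None:
        return [f"portal {portal!r} not found"]
    findings = []
    if p.get("split-tunneling", ["disable"])[0] != "enable":
        findings.append("split-tunneling disabled: client default route moves to the FortiGate")
    for name in p.get("split-tunneling-routing-address", []):
        obj = tree.get("firewall address", {}).get(name)
        if obj is None:
            findings.append(f"{name}: no such address object")
            continue
        if obj.get("type", ["subnet"])[0] != "subnet":   # FortiOS default type is subnet
            findings.append(f"{name}: type {obj['type'][0]}, client gets no route (use subnet)")
            continue
        ip, mask = obj["subnet"]
        if ipaddress.IPv4Network(f"{ip}/{mask}").prefixlen == 0:
            findings.append(f"{name}: 0.0.0.0/0 in the list pulls all traffic into the tunnel")
    return findings

ROUTE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def tunnel_mode(route_print, tunnel_if):
    """Return ('split' or 'full', [networks routed via the tunnel interface]).
    Any 0.0.0.0/0 entry on the tunnel interface means full tunnel."""
    full, nets = False, []
    for line in route_print.splitlines():
        m = ROUTE_RE.match(line)
        if not m or m.group(4) != tunnel_if:
            continue
        try:
            net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
        except ValueError:
            continue                          # header or non-IPv4 line
        if net.prefixlen == 0:
            full = True
        else:
            nets.append(str(net))
    return ("full" if full else "split"), nets
```

Run `audit_split_tunnel(SAMPLE_CONFIG, "xyz")` against a real `show vpn ssl web portal` / `show firewall address` dump pasted into SAMPLE_CONFIG, and feed the IPv4 section of `route print` from a connected client to `tunnel_mode` with the client's tunnel-adapter address (192.168.29.231 in the post above) as `tunnel_if`; a "full" result while the portal says split is exactly the symptom described in the thread.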
Did you use the wizard? Then you might have to convert your VPN to a normal tunnel to have all options available.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello
I tried to change the VPN to custom, but it is still the same.
In "Accessible networks" a circle with spinning dots appears.
Regards