Client VPN split tunneling via DHCP options?

DSchn

I find the current Meraki solution for 'activating' split tunneling, simply manually adding the relevant routes to each client, not very satisfying. I don't want to manually enroll routes on every single client. Yes, I know it would be possible by scripting or similar, but because it's prone to errors and double work (configuring routes on the dashboard + in the GPO), that's not a viable option.

Will there be a solution for the routes to be pushed by the VPN DHCP server? It should be possible with DHCP option 121 / 249? This could be solved by an additional option on the VPN dashboard to activate split tunneling, so the DHCP would push the static routes that have 'In VPN?' on 'Yes'.

PhilipDAth

Use PowerShell. This page contains an example of how to configure split tunneling:

http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

It is not something Meraki can do. Microsoft would need to add support for any extra DHCP options to their OS.

DSchn

Well, thank you, but as I said, I don't want to configure every single client individually, because when routes are added/changed I would have to reconfigure every single client again.

Why wouldn't Meraki be able to do that? If the MX, where one terminates and pulls the DHCP settings/option from, just pushes DHCP option 121 it would allow automatic split tunneling. Then just add an option to enable or disable that feature and voila! Or am I missing something here?

Apart from that, every other serious solution I know on the market is able to enable split tunneling directly on the VPN server side, so I think this is something Meraki should be able to do as well?

ccnewmeraki

Windows DHCP client does accept static routes from any DHCP server configured with the right options.

 

We use it to work around the lack of LAG group support in the MX devices, by pushing inter-vlan traffic through a L3 switch.

DSchn

Maybe I'm getting it wrong, but there is no possibility to set DHCP options in the 'Client VPN' settings of the dashboard, or is there?


What I meant: there should be either a switch 'Split Tunneling' or similar in /configure/client_vpn_settings which activates DHCP option 121 on the Meraki DHCP server, so it pushes the VPN-enabled static routes to the VPN clients. That would be the only viable solution.

But I don't see any switch, and under 'DHCP' I can only set options for our VLANs, but not for the client VPN subnet.
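
For reference, this is what a DHCP option 121 / 249 payload (RFC 3442 classless static routes) looks like on the wire. It is an added example, not part of the thread and not Meraki code: it encodes and decodes the route list and flags any pushed route that would capture all traffic instead of split tunneling. The subnets and gateway are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Option codes named in the thread: 121 is RFC 3442; 249 is Microsoft's
# private code, which uses the same payload layout.
OPT_CLASSLESS_ROUTES = 121
OPT_MS_CLASSLESS_ROUTES = 249

def encode_routes(routes):
    """Pack [(cidr, gateway), ...] into the option payload."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)       # strict: rejects host bits
        significant = (net.prefixlen + 7) // 8  # only these octets are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)

def option_tlv(code, payload):
    """Wrap a payload as code / length / value, as carried in a DHCP message."""
    return bytes([code, len(payload)]) + payload

def decode_routes(payload):
    """Parse an option payload back into [(cidr, gateway), ...]."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(dest)}/{prefixlen}")
        gateway = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((str(net), str(gateway)))
        i = end
    return routes

def full_tunnel_routes(routes):
    """Routes covering all of IPv4; a split-tunnel push should contain none."""
    return [r for r in routes if r[0].endswith("/0")]

# Constructed sample: two internal subnets via a made-up VPN gateway.
SAMPLE = [("10.0.0.0/8", "192.168.128.1"), ("172.16.32.0/20", "192.168.128.1")]

if __name__ == "__main__":
    print(option_tlv(OPT_CLASSLESS_ROUTES, encode_routes(SAMPLE)).hex())
```

Running `decode_routes` over the option bytes from a captured DHCP ACK shows exactly which routes a client was handed, so a dashboard change can be verified from the client side.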

 
