Thank you. Disappointing that the API is kinda crippled. How does Meraki suppose that we work in big network environments? Doing all by hand? ... View more

Thanks, I already looked there, but it seems the API is missing many settings like the ones I mentioned. Any chance the API will be updated? Is there any other way to copy such settings? Can't find anything at the dashboard too, only using templates which I don't want to do. ... View more

Thank you very much for explaining the difference and functionalities! So what I need is the Auth. Proxy as we just want to secure the VPN access. As I understand the Auth. Proxy can check for AD group memberships just like our RADIUS is doing right now, is that correct? I suppose the Auth. Proxy will sync our AD groups to the DUO administration console? We still would keep the RADIUS for the wifi connections and as a backup if anything goes south. ... View more

Maybe I'm getting it wrong, but there is no possibility to set DHCP options in the 'Client VPN' settings of the dashboard, or is there? What I meant: there should be either a switch 'Split Tunneling' or similar in /configure/client_vpn_settings which activates DHCP option 121 on the Meraki DHCP server, so it pushes the VPN enabled static routes to the VPN clients. That would be the only viable solution. But I don't see any switch and under 'DHCP' I only can set options for our VLANs, but not for the client VPN subnet.   ... View more

Well thank you, but as I said, I don't want to configure every single client for itself, because when routes are added/changed I would have to reconfigure every single client again. Why wouldn't Meraki be able to do that? If the MX, where one terminates and pulls the DHCP settings/option from, just pushes DHCP option 121 it would allow automatic split tunneling. Then just add an option to enable or disable that feature and voila! Or do I miss something here?   Apart from that, every other serious solution I know on the market is able to enable split tunneling directly on the VPN server side so I think this is something Meraki should be able to do as well? ... View more

DNS doesn't have to do anything with VPN at all, at least not regarding split tunneling/routing. ... View more

That sure is a nice feature for certain cases, but DNS resolution is not the problem with split tunneling, but the static routing is. As long as the client doens't know that for example 172.0.0.0/8 should go through the tunnel (which Meraki advises to put manually in the routing table of the client) it will try to use the standard interface and not the VPN device and thus fail to reach the host within the 172.0.0.0/8 network. One sure can activate the the VPN device to be the standard gateway, but then ALL traffic will go through VPN which (for us) is not desirable. We only want to have business traffic going through the VPN tunnel and the rest of the (private) traffic go through the users private connection. ... View more

When connecting to the VPN you need a local DHCP Server issuing an IP and via DHCP options push the routes that are activated in the Meraki dashboard, so split tunnelling is possible. I don't see how a cloud based DNS would help in that case? ... View more

I find this not very satisfying as I don't want to manually enroll routes on every single client, no matter if it is possible by scripting or not.   Will there be a solution for the routes to be pushed by the VPN DHCP Server via L2TP? It should be possible with DHCP option 121 / 249. ... View more