daknetworks.com


Watchguard VPN Split Tunnel Doesn't Resolve

This is a Watchguard VPN setup. Watchguard has a split tunnel automatically. It works for hundreds of people.

We ran into a new setup where the Watchguard VPN would connect, but asking for VLAN resources would respond back with the local network. The desired result is the remote network.

This happens to be on an ATT home router. The laptop is connected hard-wired. Note that the wireless connection works fine. Go figure.

Here's how to diagnose on the vpn laptop:

  • Click START > POWERSHELL (as admin).
  • Type: Get-NetIPInterface

Typically, out of the box, each connection will have a name (obviously) and a setting for IPV4 and IPV6. Each setting will have a METRIC.

Let's say the connections are named: ETHERNET and VPN.

You will notice that:

ETHERNET IPV4 has a metric of 35
ETHERNET IPV6 has a metric of 35
VPN IPV4 has a metric of 35
VPN IPV6 has a metric of 35

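Windows prefers the interface with the lower metric, so with every metric equal the VPN is not preferred. What we need to do is set the METRIC on the hard-wired connection to a number higher than the VPN connection.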

  • Type: netsh int ipv4 set interface interface="ETHERNET" metric=40
  • Type: netsh int ipv6 set interface interface="ETHERNET" metric=40

That should do it.
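The same check and fix using the PowerShell cmdlets instead of netsh, as an added example that is not part of the original post. It assumes the interface aliases are the article's example names ETHERNET and VPN and that the VPN is connected; the 5-point margin is an arbitrary choice that reproduces the 35 to 40 change above.

```powershell
# Added example; run in an elevated PowerShell session.
# Assumption: these aliases are the article's example names. Substitute the
# names that Get-NetIPInterface shows on your machine.
$WiredAlias = 'ETHERNET'
$VpnAlias   = 'VPN'
$Margin     = 5    # how far above the VPN metric the wired metric is placed

function Show-Metric {
    # List both interfaces per address family, lowest (preferred) metric first.
    Get-NetIPInterface -InterfaceAlias $WiredAlias, $VpnAlias |
        Sort-Object AddressFamily, InterfaceMetric |
        Format-Table InterfaceAlias, AddressFamily, InterfaceMetric, AutomaticMetric, ConnectionState
}

Show-Metric   # state before the change

foreach ($family in 'IPv4', 'IPv6') {
    $vpn   = Get-NetIPInterface -InterfaceAlias $VpnAlias   -AddressFamily $family -ErrorAction SilentlyContinue
    $wired = Get-NetIPInterface -InterfaceAlias $WiredAlias -AddressFamily $family -ErrorAction SilentlyContinue

    # IPv6 may be unbound on one side, or the VPN adapter may be missing.
    if (-not $vpn -or -not $wired) {
        Write-Warning "$family is not bound on both interfaces; skipping."
        continue
    }

    # Only touch the wired interface when it ties with or beats the VPN.
    if ($wired.InterfaceMetric -le $vpn.InterfaceMetric) {
        $new = $vpn.InterfaceMetric + $Margin
        Set-NetIPInterface -InterfaceAlias $WiredAlias -AddressFamily $family -InterfaceMetric $new
        Write-Host "$family : $WiredAlias metric $($wired.InterfaceMetric) -> $new"
    } else {
        Write-Host "$family : $WiredAlias metric is already higher than $VpnAlias; no change."
    }
}

Show-Metric   # state after the change
```

The script changes nothing when the wired metric is already higher than the VPN metric, so it can be re-run safely after reconnecting the VPN.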

Note that other posts will talk about turning IPv6 off, etc. This can be done via PowerShell:
Disable-NetAdapterBinding -InterfaceAlias "Ethernet Interface Name Here" -ComponentID ms_tcpip6
