IKEv2 routes all traffic over VPN tunnel

Question

Level 1

26 points

IKEv2 routes all traffic over VPN tunnel

It seems that whenever I connect to a IKEv2 VPN, my routing table gets all messed up (I'm using route monitor to see the changes) and I also notice an entry in the console by nesessionmanager saying "Changing primary physical interface: ipsec0 => en0". Given that IKEv2 is not even present in the service order of interfaces, I find this very strange and disturbing.

Now, I don't know if this is built-in macOS behavior, but it's definitely not desirable in our corporate environment. Previously we used L2TP tunnels successfully, always unchecking the advanced option to "Send all traffic over VPN connection". There is, of course, no such option under advanced properties of IKEv2 connections.

Does anybody have any ideas or suggestions?

PS One more thing I have tried is to create the IKEv2 profile using the Apple Configurator 2, and I wanted to experiment with options, but so far I had no luck getting that to even work (unknown error when connecting to imported IKEv2 connection).

iMac 27", macOS 10.14

Posted on May 28, 2019 7:10 AM

Reply

Answer 1

hwfanatic Author

Level 1

26 points

May 28, 2019 9:11 AM in response to BobTheFisherman

I beg to differ. I have no such problems on Windows client machines when using IKEv2. It looks like a built-in preference of the macOS. I will wait for another volunteer who has had a similar problem to respond.

Reply

Answer 2

May 28, 2019 7:26 AM in response to hwfanatic

Then route your network traffic through it. I'm not understanding your issue. You want to use a VPN to route traffic though the VPN but you do not want to route traffic through the VPN. Sorry I'm not understanding your issue.

Are you saying you want multiple gateways at the same time?

Reply

Answer 3

hwfanatic Author

Level 1

26 points

May 28, 2019 7:27 AM in response to BobTheFisherman

The issue is using IKEv2 routes all traffic over the tunnel (so no access to the internet for a connected machine), while the desirable outcome is only to route certain subnets through the tunnel, like we did with L2TP.

Reply

Answer 4

May 28, 2019 7:53 AM in response to hwfanatic

hwfanatic wrote:

That is literally what routing is...

This is not the place to learn about network routing. I think this is a network/VPN configuration issue that needs to

be addressed with your VPN developer or with your network admin.

Reply

Answer 5

hwfanatic Author

Level 1

26 points

May 28, 2019 7:57 AM in response to BobTheFisherman

I am the admin. I tried calling Apple support to clarify this issue, but they told me they provide no such support and pointed me to the community. There is absolutely no reason that all traffic should be routed through the VPN tunnel unless specifically requested by either the server or the client.

If this is the wrong section, then move the discussion somewhere where it belongs, but please stick on topic.

Reply

Answer 6

May 28, 2019 7:13 AM in response to hwfanatic

Why use a VPN if you are not going to route traffic through it? Use a VPN that works for you if you want to use a VPN.

Reply

Answer 7

hwfanatic Author

Level 1

26 points

May 28, 2019 7:20 AM in response to BobTheFisherman

We use VPN to securely access services on our corporate servers, of course.

Reply

Answer 8

May 28, 2019 7:29 AM in response to hwfanatic

I don't know how a packet would know which gateway to use if you had multiple gateways configured at the same time. Use a VPN that does what you want.

Reply

Answer 9

hwfanatic Author

Level 1

26 points

May 28, 2019 7:37 AM in response to BobTheFisherman

That is literally what routing is...

Reply

Answer 10

May 28, 2019 8:04 AM in response to hwfanatic

This is a volunteer user-to-user Apple product help community. We are not here to help you with your network routing issues. Hire a network consultant if you can not manage your network internally. Your issue is not related to an Apple product.

Reply

IKEv2 routes all traffic over VPN tunnel

Similar questions