Split-Tunnel SSTP VPN

sysadmin · February 17, 2025, 8:11pm

Router Information

Peplink Balance 305
Product Code: BPL-305
Hardware Revision: 2
Firmware: 8.5.1 build 5340

Backend Information

RRAS + NPS + DUO Auth Proxy
VLAN dedicated to VPN DHCP block
Using Windows 11 Built-in VPN client

What have others done to enable split-Tunneling on the Balance 305 when not using PepVPN? VPN connections are required for some internal resources and a file share.

I’d like to ensure web browsing and other non-essential traffic do not route through the RRAS and have explored some of the local client settings, such as clearing the flag for “Use default gateway on remote network” and setting the DNS to the local DCs but I am sure I am missing the supporting infrastructure on the Peplink Balance 305.

I look forward to hearing some other creative approaches from the community.

Noah_Helterbrand · February 17, 2025, 10:15pm

If you are using RRAS, and not the B305 as your VPN server, then those routing decisions are controlled by the server running your RRAS service and your B305 isn’t really “in the loop” here except for maybe a static route.

If you want you want your peplink router to control it, you might try openVPN in the peplinks RUA. It works well with DUO for MFA.

sysadmin · February 17, 2025, 10:32pm

Thank you @Noah_Helterbrand - I figured the B305 is essentially just handing off the request to the RRAS. I sure appreciate your quick response. Enjoy your day/night!