MacOS – Where is the “Send all traffic over VPN connection” setting in OSX 10.9 Mavericks

Tags: macos, network, proxy, security, vpn

I'm attempting to change the settings of a Cisco IPSec VPN connection which was set up through OSX's built-in VPN client in System Preferences. The VPN functions as expected, allowing me to access protected servers at my company. I would like to access other websites on the internet through this VPN (youtube, wikipedia, whatever). As far as I can tell, my regular web browsing is not being directed through the VPN.

This apple support page says there is a setting called "Send all traffic over VPN connection" which can be enabled through the Apple menu > System Preferences > Network > Advanced > Options dialogue. However, when I select the VPN from the network interface list and click the "Advanced…" button, there is no "Options" tab or button. I see a dialogue with two tabs, "DNS" and "Proxies". There is no options button or "Send all traffic over VPN connection" anywhere to be found.

So, what gives? Does this have to do with what kind of VPN I am connected to (Cisco IPSec)? Is it related to the VPN's settings? Regardless, how can I route normal browsing through the VPN?

Best Answer

I guess not all VPN connections of the built-in VPN client in Mac have that option.

PPTP and L2TP do offer the option. Open your network settings:


Select your VPN connection and click on the advanced button.

A new window will pop up with three check-boxes under the heading "Session options". The last one of these checkboxes is the one you want: "redirect all traffic over VPN".

However, like you said, the advanced button does not pop up with Cisco IPSec.

I found this thread (https://superuser.com/questions/91191/how-to-force-split-tunnel-routing-on-mac-to-a-cisco-vpn) that maybe could be an answer to your problem (if you use it to route the whole IP range):

Anyone know how to hack the routing table (on a mac) to defeat the forcing of VPN routing for everything over a cisco VPN? Pretty much what I want to do is have only 10.121.* and 10.122.* addresses over the VPN and everything else straight to the internet.

The following works for me. Run these after connecting to the cisco vpn. (I'm using OS X's built-in cisco client, not the Cisco branded client.)

sudo route -nv add -net 10 -interface utun0
sudo route change default 192.168.0.1

Replace "10" in the first command with the network that's on the other side of the tunnel.

Replace "192.168.0.1" with your local network's gateway.

I put it into a bash script, like this:

$ cat vpn.sh 
#!/bin/bash

if [[ $EUID -ne 0 ]]; then
    echo "Run this as root"
    exit 1
fi

route -nv add -net 10 -interface utun0
route change default 192.168.0.1

I also found an explanation on how to run this automatically when you connect the VPN, but it's late on Friday and I don't feel like trying it :)

https://gist.github.com/675916

Edit:

I have since left the job where I was using the Cisco VPN, so this is from memory.

The "10" in the first command is the network that you want to route over the VPN. "10" is shorthand for "10.0.0.0/8". In Tuan Anh Tran's case, it looks like the network is "192.168.5.0/24".

As for which gateway to specify in the second command, it should be your local gateway. When you log into a VPN that prevents split-tunneling, it is enforcing that policy by changing your routing tables so that all packets are routed on the virtual interface. So you want to change your default route back to what it was prior to getting on the VPN.

The easiest way to figure out the gateway is to run netstat -rn before logging into the VPN, and look at the IP address to the right of the "default" destination. For example, here's what it looks like on my box right now:

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.1.1           UGSc           29        0     en1
10.0.1/24          link#5             UCS             3        0     en1
10.0.1.1           0:1e:52:xx:xx:xx   UHLWIi         55   520896     en1    481
10.0.1.51          7c:c5:37:xx:xx:xx   UHLWIi          0     1083     en1    350
10.0.1.52          127.0.0.1          UHS             0        0     lo0

My gateway is 10.0.1.1 -- it is to the right of the "default" destination.
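A script that automates the two manual steps in the answer (record the local gateway with netstat -rn before connecting, then re-route after connecting), added here as an example and not part of the original answer. It assumes macOS netstat -rn output in the shape shown above, utun0 as the tunnel interface unless one is given, and the remote network written in CIDR form; the netstat sample inside it is constructed.

```shell
#!/bin/sh
# Added example (not from the original answer): automates the manual steps in
# the answer above. Assumptions: macOS "netstat -rn" output as shown there,
# the VPN virtual interface is utun0 unless given, and the remote network is
# written in CIDR form (10.0.0.0/8 is what the answer abbreviates as "10").

# Constructed sample of "netstat -rn" output, shaped like the answer's listing.
SAMPLE_NETSTAT='Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.1.1           UGSc           29        0     en1
10.0.1/24          link#5             UCS             3        0     en1
Internet6:
default                                 fe80::1%en1                     UGcI          en1'

# Print the IPv4 default gateway from netstat -rn style text on stdin.
# Stops at the IPv6 table so its "default" row is never picked by mistake.
default_gateway_from_netstat() {
    awk '/^Internet6:/ { exit }
         $1 == "default" { print $2; exit }'
}

# Step 1, BEFORE connecting: remember the local gateway in a state file.
save_pre_vpn_gateway() {
    netstat -rn | default_gateway_from_netstat > "$1"
    [ -s "$1" ] || { echo "could not determine default gateway" >&2; return 1; }
}

# The two route commands from the answer, printed one per line so they can be
# reviewed (dry run) before anything touches the routing table.
split_tunnel_commands() {
    vpn_net="$1"; gateway="$2"; iface="${3:-utun0}"
    printf 'route -nv add -net %s -interface %s\n' "$vpn_net" "$iface"
    printf 'route change default %s\n' "$gateway"
}

# Step 2, AFTER connecting, as root: send only the VPN network over the tunnel
# and restore the saved default gateway for everything else.
apply_split_tunnel() {
    vpn_net="$1"; state_file="$2"; iface="${3:-utun0}"
    gateway=$(cat "$state_file") || return 1
    [ "$(id -u)" -eq 0 ] || { echo "Run this as root" >&2; return 1; }
    split_tunnel_commands "$vpn_net" "$gateway" "$iface" | sh -e
}

# Dry run on the constructed sample: sh split_tunnel.sh demo
if [ "${1:-}" = "demo" ]; then
    gw=$(printf '%s\n' "$SAMPLE_NETSTAT" | default_gateway_from_netstat)
    split_tunnel_commands 10.0.0.0/8 "$gw"
fi
```

Run save_pre_vpn_gateway before connecting and apply_split_tunnel after, passing the same state file; the dry-run output is what apply_split_tunnel would execute.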