16
Virtual private networks / Re: Ikev2 split tunneling for Roadies - Best practice (Mac & Windows)
« on: October 27, 2021, 08:53:00 pm »
I wonder that this topic seem to do not care anybody really but I want to know and I do test and research about details regarding ikev2 split dns, split tunnelling/routing and encryption capabilities for windows 10+ and macOS in terms of
setup/maintenance overhead and performance and security indeed !
I guess that a lot of people who wanna get the benefits of ikev2 ending up routing the whole traffic over for pragmatic reasons and are generating a general traffic issue ending up dealing with bandwith limiting fun or using openvpn which is split able whoop but you need to touch and maintain the clients and is slow!
Personally I will continue with ikev2 for site2site only which is great (GCM & co) but due to the lack of documentation(pfsense & oPNsense) regarding details for clients (split, encryption capapabilities) it seems to be more an academic task. So for my Roadies I will choose Wireguard, ya I need to touch and maintain the clients also, but it is reasonable for what I get !
I hope that someone could benefit from my post & if anybody like to deploy split vps with appropriate encryption settings via windows cmd style, here is a way which works but I don't touch this into production ;-)
https://forum.netgate.com/topic/150670/safe-ikev2-configuration-for-pfsense-and-windows-10-and-macos
setup/maintenance overhead and performance and security indeed !
I guess that a lot of people who wanna get the benefits of ikev2 ending up routing the whole traffic over for pragmatic reasons and are generating a general traffic issue ending up dealing with bandwith limiting fun or using openvpn which is split able whoop but you need to touch and maintain the clients and is slow!
Personally I will continue with ikev2 for site2site only which is great (GCM & co) but due to the lack of documentation(pfsense & oPNsense) regarding details for clients (split, encryption capapabilities) it seems to be more an academic task. So for my Roadies I will choose Wireguard, ya I need to touch and maintain the clients also, but it is reasonable for what I get !
I hope that someone could benefit from my post & if anybody like to deploy split vps with appropriate encryption settings via windows cmd style, here is a way which works but I don't touch this into production ;-)
https://forum.netgate.com/topic/150670/safe-ikev2-configuration-for-pfsense-and-windows-10-and-macos