I have configured and am running an L2TP/IPsec server on MikroTik, but I don't want to route all internet traffic through the VPN. I just want access to the local LAN.
How can I do this?
Windows 10 - I found a way named split tunneling by disabling "use the default gateway of the remote network" on the VPN connection, but I am not sure if this is the correct way
It is, provided that the LAN consists of a single subnet and you assign addresses from the same subnet to the L2TP client (doing so requires use of the arp=proxy-arp workaround); if this is not the case, you can use PowerShell to add routes when the particular VPN connection becomes active, or you can use the usual command line to add "persistent" routes with the VPN interface as IF (and 0.0.0.0 as a gateway IP).
Android 10, 11 - I have not found that option in the integrated VPN client (Samsung)
I don't think there is any.
The clients can be on different subnets 192.168.40.0/24 or 192.168.20.0/24 etc.. 192.168.0.0/24 as they can connect from different hotspots
So I need to add this on the Windows client side?
Add-VpnConnectionRoute -ConnectionName "VPNconnectionname" -DestinationPrefix 192.168.40.0/24 -PassThru
I'm not sure how hotspots are related...? It is a problem if the LAN subnet on the L2TP server end overlaps with the subnet to which the client is connected locally, but there is no way the server could learn the local network configuration of the client. So I don't quite get what you have in mind. But otherwise yes, I had in mind the Add-VpnConnectionRoute command.
You mean set up a MikroTik VPN server with self certificates like this: https://www.youtube.com/watch?v=fQokeBcrjdc
It is pointless to refer to videos as no one will spend time watching them, but yes, I have in mind IKEv2 with certificates. Certificates are apparently not necessary for the native VPN client of Android, but Windows only supports certificate authentication for IKEv2.
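The split-tunnel setup discussed in this thread, as an added example that is not part of any post: it turns off the default-gateway behaviour with Set-VpnConnection, checks for the subnet overlap mentioned above, and only then adds the route. The value of $RemoteLanPrefix is a constructed placeholder for the LAN behind the L2TP server, and the two helper functions are hypothetical names.

```powershell
# Added example. Run on the Windows client after the VPN connection has been created.
param(
    [string]$ConnectionName  = 'VPNconnectionname',  # connection name as used in the thread
    [string]$RemoteLanPrefix = '192.168.88.0/24'     # constructed placeholder: LAN behind the L2TP server
)

# Hypothetical helper: dotted IPv4 address -> integer in network order.
function ConvertTo-IPv4Number([string]$Ip) {
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)
    [long][BitConverter]::ToUInt32($bytes, 0)
}

# Hypothetical helper: two prefixes overlap when they agree on the shorter mask.
function Test-PrefixOverlap([string]$A, [string]$B) {
    $ipA, $lenA = $A -split '/'
    $ipB, $lenB = $B -split '/'
    $len = [Math]::Min([int]$lenA, [int]$lenB)
    if ($len -eq 0) { return $true }
    $mask = [long]([Math]::Pow(2, 32) - [Math]::Pow(2, 32 - $len))
    ((ConvertTo-IPv4Number $ipA) -band $mask) -eq ((ConvertTo-IPv4Number $ipB) -band $mask)
}

# Subnets the client is attached to locally (hotspot, home Wi-Fi, ...),
# ignoring loopback, link-local and the VPN interface itself.
$localAddrs = Get-NetIPAddress -AddressFamily IPv4 | Where-Object {
    $_.InterfaceAlias -ne $ConnectionName -and
    $_.IPAddress -notlike '127.*' -and
    $_.IPAddress -notlike '169.254.*'
}

$clash = $localAddrs | Where-Object {
    Test-PrefixOverlap "$($_.IPAddress)/$($_.PrefixLength)" $RemoteLanPrefix
}

if ($clash) {
    # The server cannot see this condition; only the client can detect it.
    $clash | ForEach-Object {
        Write-Warning "$($_.InterfaceAlias) ($($_.IPAddress)/$($_.PrefixLength)) overlaps $RemoteLanPrefix; route not added."
    }
    return
}

# Same effect as unticking "Use default gateway on remote network".
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# Route installed only while this VPN connection is up.
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $RemoteLanPrefix -PassThru

Get-VpnConnection -Name $ConnectionName | Select-Object Name, SplitTunneling
```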