Win10 IKEv2 --> pfsense 2.4.4 has local access or internet access, but not both
-
I am trying to provide VPN access to an employee from Win10 without putting a hardware tunnel appliance at his house. I am testing at my house, where I do have a pfsense box, but I've disabled the site-to-site tunnel for testing, so for purposes of today's discussion, it's just a NAT router:
The Mobile IPSec tunnel server at the Main Office is set up and running, and AFAICT it's set up properly, because when either my Mac or my iPhone connects via the Apple native clients (which apparently behave like Cisco clients), I have access to both the internet and to main office LAN resources, such as that printer's status page at http://192.68.0.49 and to domain resources by IP address (DNS issues are for another thread).
But when the Win10 box connects via Windows's native IKEv2 client, I can get either internet access or remote LAN access, but not both.
If "Use default gateway on remote network" is checked, then I have access to remote LAN addresses, but internet access doesn't work, even by IP address (I have a box exposed on a public IP address as a test target).
If "Use default gateway on remote network" is unchecked, then I have no access to remote LAN addresses, but internet access works completely. But, of course, now the VPN isn't doing anything useful.
I think this is a problem on the Win10 configuration end, because my macOS and iOS clients both work, connecting to the same IPSec mobile tunnel with the same credentials. But I don't know what other settings to fiddle with on the Windows box.
-
I'm trying to post the results of tracert, but it's getting flagged as spam.
-
Fixed:
Add-VpnConnectionRoute -ConnectionName "PI-IKEV2-VPN" -DestinationPrefix 192.168.0.0/24 -PassThru
with the Use Default Gateway . . . unchecked.
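The fix above, scripted end to end as an added example (this is not code from the thread or from pfSense): create the IKEv2 connection with split tunneling on, which is the scripted equivalent of leaving "Use default gateway on remote network" unchecked, add the route for the office LAN, connect, and then check that the office prefix goes via the VPN while the default route still points at the local gateway. The connection name matches the thread's fix; the server hostname, the 192.168.0.0/24 subnet, the EAP authentication method and the test hosts are assumptions.

```powershell
# Added example, not from the original thread. Split-tunnel IKEv2 on Windows 10:
# the remote LAN goes through the VPN, everything else uses the local gateway.
# $Server, $Remote, the EAP auth method and the test hosts are assumptions.

$Name   = 'PI-IKEV2-VPN'      # connection name used in the thread's fix
$Server = 'vpn.example.org'   # assumed: public hostname of the pfSense WAN
$Remote = '192.168.0.0/24'    # assumed: main-office LAN behind pfSense

# 1. Create the connection if it does not exist. -SplitTunneling is the
#    scripted form of unchecking "Use default gateway on remote network".
#    EAP (EAP-MSCHAPv2 by default) is assumed to match the pfSense mobile
#    IPsec setup; use -AuthenticationMethod MachineCertificate for cert auth.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType Ikev2 `
        -AuthenticationMethod Eap -EncryptionLevel Required `
        -SplitTunneling -RememberCredential
} else {
    Set-VpnConnection -Name $Name -SplitTunneling $true
}

# 2. Tell Windows which prefixes live behind the tunnel. With split tunneling
#    on, nothing but the client's own VPN address is routed through the tunnel
#    until a route is added here (this is the thread's fix). Repeat the call
#    for each additional remote subnet.
$existing = @((Get-VpnConnection -Name $Name).Routes | ForEach-Object { $_.DestinationPrefix })
if ($existing -notcontains $Remote) {
    Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $Remote -PassThru
}

# 3. Connect (prompts for credentials unless they were stored) and verify.
rasdial $Name
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

# The office prefix should now be in the routing table on the VPN interface...
Get-NetRoute -DestinationPrefix $Remote |
    Format-Table ifIndex, InterfaceAlias, NextHop, RouteMetric

# ...while the default route still belongs to the local LAN adapter, not the VPN.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Format-Table InterfaceAlias, NextHop, RouteMetric

# Reachability: one host behind the tunnel, one on the public internet.
# Both should return True when split tunneling is working.
Test-NetConnection -ComputerName 192.168.0.49 -Port 80  -InformationLevel Quiet
Test-NetConnection -ComputerName 1.1.1.1      -Port 443 -InformationLevel Quiet
```

The route added with Add-VpnConnectionRoute is stored on the VPN connection object and is pushed into the routing table each time that connection comes up, so it only needs to be added once per connection, not per session. If the Get-NetRoute check for the office prefix comes back empty after rasdial, split tunneling was most likely turned back off in the GUI (re-checking "Use default gateway on remote network" disables it), which reproduces the original all-or-nothing symptom.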