Netgate Discussion Forum

No default Gateway with Windows 10 VPN Client

IPsec
  • B
    bdgarcia
    last edited by Mar 21, 2018, 5:17 AM

    I have created an IKEv2 VPN for Windows 10 clients according to these articles:
    https://forum.pfsense.org/index.php?topic=127457.0
    https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

    I can get it to connect fine, but I do NOT get a default gateway on the VPN connection.
    PPP adapter .***.net:

    Connection-specific DNS Suffix  . :
      IPv4 Address. . . . . . . . . . . : 192.168.102.1
      Subnet Mask . . . . . . . . . . . : 255.255.255.255
      Default Gateway . . . . . . . . . :

    So I cannot route any traffic to my home network, which has blocks on various VLANs: 192.168.56.0/24, 192.168.56.57.0/24, 192.168.58.0/24, 192.168.201.0/24.

    I want to avoid, if possible, the remote user having to add route statements and/or run PowerShell, as they are people supporting some of my home automation and home theater gear.

    If more details are needed please let me know.

    Thank you for your help.

    Bryan

    • D
      Derelict LAYER 8 Netgate
      last edited by Mar 21, 2018, 6:04 AM

      Sorry but Windows IPsec sucks.

      There should be a checkbox in the interface they can check. I don't think they need to do the PowerShell thing any more, though it might be easier if you just gave them a script to run.

      Pretty sure that use default gateway checkbox is the one you want.

      ![Screen Shot 2018-03-20 at 11.03.30 PM.png](/public/imported_attachments/1/Screen Shot 2018-03-20 at 11.03.30 PM.png)

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)
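
The "use default gateway on remote network" checkbox mentioned above corresponds to the Windows VPN connection's split-tunneling setting, which can also be set from PowerShell. The script below is an added example, not part of the original posts; the connection name `Home VPN` and the `-RoutedPrefixes` parameter are placeholders chosen here.

```powershell
# Added example, not from the thread. 'Home VPN' is a placeholder name.
param(
    [string]$ConnectionName = 'Home VPN',
    # Empty = full tunnel (default gateway on the VPN).
    # Otherwise split tunneling stays on and only these prefixes use the VPN.
    [string[]]$RoutedPrefixes = @()
)

$ErrorActionPreference = 'Stop'

# Look in the per-user phone book first, then the all-users one.
# Changing an all-users connection requires an elevated session.
$allUsers = $false
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
    $allUsers = [bool]$vpn
}
if (-not $vpn) { throw "VPN connection '$ConnectionName' not found." }

$scope = @{ AllUserConnection = $allUsers }

if ($RoutedPrefixes.Count -eq 0) {
    # Full tunnel: same effect as ticking "Use default gateway on remote network".
    # All client traffic then reaches the firewall through the tunnel.
    if ($vpn.SplitTunneling) {
        Set-VpnConnection -Name $ConnectionName -SplitTunneling $false @scope
    }
}
else {
    # Split tunnel: only the listed prefixes are routed into the VPN.
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true @scope
    foreach ($prefix in $RoutedPrefixes) {
        try {
            Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix @scope
        }
        catch {
            # A route that already exists or a malformed prefix ends up here.
            Write-Warning "Route $prefix not added: $($_.Exception.Message)"
        }
    }
}

# Show the resulting state so the user can confirm the change took effect.
Get-VpnConnection -Name $ConnectionName @scope |
    Select-Object Name, TunnelType, SplitTunneling, ConnectionStatus
```

Run with no arguments for a full tunnel, or pass for example `-RoutedPrefixes 192.168.56.0/24,192.168.58.0/24` to route only those networks; the change applies the next time the connection is dialed.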

      • B
        bdgarcia
        last edited by Mar 22, 2018, 2:24 AM

        Hi,

        Thank you. This definitely helped some, but I can only reach the network named in the local network in the Phase 2 setup. What I am trying to set up is that when the remote device connects, it becomes a part of a network, and then I can put in place rules to allow access to the other networks and devices. I have not been able to figure out how to accomplish this, but so far I have not figured out what to do.

        Bryan

        • B
          bdgarcia
          last edited by Mar 22, 2018, 3:19 AM

          To further elaborate:

          I currently have a WAN network, a VoIP network, Control network, Home Network (where user devices connect), Management Network, and a guest Network (each a separate .  I would like to set up the VPN to either place the VPN client on the home network, or on a dedicated network (interface) for VPN clients (or something comparable). When the VPN client connects it gets an IP address, default gateway for that interface (network), and then it can access other networks and devices based on the rules.

          Bryan

          • D
            Derelict LAYER 8 Netgate
            last edited by Mar 22, 2018, 4:29 AM

            Well, that's what you should have as long as that box is checked on the clients and you are setting a local network of 0.0.0.0/0 in the IPsec settings.

            Rules on the IPsec tab govern what the clients can and can't access.

            • B
              bdgarcia
              last edited by Mar 22, 2018, 4:44 AM

              Hi Derelict,

              I have set in the IPSEC Virtual Address Pool in the IPSEC mobile client setup tab, Client Configuration (mode-cfg) section

              Network configuration for Virtual Address Pool : 192.168.224.0/24

              Are you suggesting I should be using a value of 0.0.0.0/0 here?

              Sorry, I am not questioning you, just trying to understand.

              Thx
              Bryan

              • D
                Derelict LAYER 8 Netgate
                last edited by Mar 22, 2018, 5:39 AM

                No. In the IPsec Phase 2.

                Just like here:

                https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Phase_2

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.