Netgate Discussion Forum

    IKEv2 with EAP-MSCHAPv2 connected but no internet access (Resolved)

    • kapara

      I followed the article https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 and I am able to connect a Windows 8.1 machine, but after I do, both the VPN network and my local area connection show no internet.

      I am able to access the remote LAN network but I am not able to access the internet from my local machine.

      Has something changed since this doc was released or am I missing something?

      What if I want to do split tunnel?  I see this but I did not select it.  Is this the only option?

      Set Local Network as desired, e.g. LAN subnet
      To pass all traffic, including Internet traffic, across the VPN, set the Local Network to 0.0.0.0/0

      Update: So changing to 0.0.0.0/0 allows traffic to go out the remote gateway, but that can be bad, especially with relation to latency.

      Based on another article I saw the following:

      When you have split tunneling enabled in Windows 10 you can add a VPN connection route for an IPv4 address. The route will only be set when the VPN connection is active (see https://technet.microsoft.com/en-us/library/dn262649.aspx).

      Windows PowerShell Example:
      Add-VpnConnectionRoute -ConnectionName "Contoso" -DestinationPrefix 176.16.0.0/16 -PassThru

      Windows PowerShell Enable Split Tunneling:
      set-vpnconnection Contoso -splittunneling $True

      https://forum.pfsense.org/index.php?topic=101305.10;wap2

      I am assuming that for example the VPN issues an IP of 172.50.50.12 on a 172.50.50.0/24 network to the connected computer so I should add the following command:

      Add-VpnConnectionRoute -ConnectionName "Contoso" -DestinationPrefix 172.50.50.0/24 -PassThru ?

      Skype ID:  Marinhd

      • kapara

        OK, so it looks like on Windows 10 you must create the VPN via PowerShell in order for it to work.

        Also, you must add the following command:

        Add-VpnConnectionRoute -ConnectionName "Name of VPN" -DestinationPrefix x.x.x.x/x -PassThru

        Replace the x.x.x.x/x with the remote subnet you will need to access over the VPN. You will need to run this command for every subnet connected to the pfSense that you want the machine with the VPN to connect to. This includes the subnet you assigned to the VPN unless you do not care about clients being able to connect to each other.

        Example PowerShell:

        Add-VpnConnectionRoute -ConnectionName "Name of VPN" -DestinationPrefix x.x.x.x/x -PassThru

        Set-VpnConnection -Name "Name of VPN" -SplitTunneling $True

        If you get an error using Set-VpnConnection that the VPN is not in the address book, then create the VPN via PowerShell:

        Add-VpnConnection -Name "Name of VPN" -ServerAddress "DNS hostname or IP address"

        and then configure the settings in the GUI, i.e. IKEv2, EAP required, etc., as outlined in the document. Then enter the 2 commands listed above.

        One thing I am curious about is possibly using the -ServerList command and allowing the client to be able to connect to either the primary location VPN and the backup location...

        Skype ID:  Marinhd
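
The steps from the post above, combined into one re-runnable script. This is an added example, not part of the original posts; the server name and subnets are constructed placeholders, and the final check assumes the VPN interface alias matches the connection name.

```powershell
# Added example: placeholder values, adjust to your own deployment.
$Name    = 'Name of VPN'               # connection name used in the thread
$Server  = 'vpn.example.com'           # placeholder: pfSense WAN hostname or IP
$Subnets = @('192.168.1.0/24',         # constructed: remote LAN behind pfSense
             '10.10.10.0/24')          # constructed: subnet assigned to VPN clients

# Create the connection from PowerShell only if it is not in the address book yet.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server `
        -TunnelType Ikev2 -SplitTunneling -PassThru | Out-Null
    # Remaining settings (EAP etc.) are configured as outlined in the pfSense document.
}

# Make sure split tunneling is on, also for a connection that already existed.
Set-VpnConnection -Name $Name -SplitTunneling $True

# Add one route per remote subnet, skipping prefixes that are already present.
$existing = @((Get-VpnConnection -Name $Name).Routes | ForEach-Object DestinationPrefix)
foreach ($prefix in $Subnets) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix -PassThru
    }
}

# Show what the connection profile now holds.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, TunnelType, SplitTunneling
(Get-VpnConnection -Name $Name).Routes | Select-Object DestinationPrefix

# Run while connected: list routes bound to the tunnel and flag a default route,
# which would mean all traffic is still being sent through the VPN.
$routes = Get-NetRoute -InterfaceAlias $Name -AddressFamily IPv4 -ErrorAction SilentlyContinue
$routes | Select-Object DestinationPrefix, NextHop, RouteMetric
if ($routes | Where-Object DestinationPrefix -eq '0.0.0.0/0') {
    Write-Warning "Default route is bound to '$Name': split tunneling is not in effect."
}
```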

        • RaThek

          Had a similar problem (0.0.0.0 route always added) when creating the VPN from the Windows GUI, and PowerShell helped. Thanks.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.