No default Gateway with Windows 10 VPN Client
-
I have created an IKEv2 VPN for Windows 10 clients according to these articles:
https://forum.pfsense.org/index.php?topic=127457.0
https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
I can get it to connect fine, but I do NOT get a default gateway on the VPN connection.
PPP adapter .***.net:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.102.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
So I cannot route any traffic to my home network which has blocks on various VLANS 192.168.56.0/24, 192.168.56.57.0/24, 192.168.58.0/24, 192.168.201.0/24.
I want to avoid, if possible, the remote users having to add route statements and/or run PowerShell, as they are people supporting some of my home automation and home theater gear.
If more details are needed please let me know.
Thank you for your help.
Bryan
-
Sorry, but Windows IPsec sucks.
There should be a checkbox in the interface they can check. I don't think they need to do the PowerShell thing any more, though it might be easier if you just gave them a script to run.
Pretty sure that use default gateway checkbox is the one you want.

-
Hi,
Thank you. This definitely helped some, but I can only reach the network named in the local network in the Phase 2 setup. What I am trying to set up is that when the remote device connects, it becomes a part of a network, and then I can put in place rules to allow access to the other networks and devices. I have not been able to figure out how to accomplish this, but so far I have not figured out what to do.
Bryan
-
To further elaborate:
I currently have a WAN network, a VoIP network, Control network, Home Network (where user devices connect), Management Network, and a guest Network (each a separate . I would like to set up the VPN to either place the VPN client on the home network, or on a dedicated network (interface) for VPN clients (or something comparable). When the VPN client connects it gets an IP address, default gateway for that interface (network), and then it can access other networks and devices based on the rules.
Bryan
-
Well, that's what you should have as long as that box is checked on the clients and you are setting a local network of 0.0.0.0/0 in the IPsec settings.
Rules on the IPsec tab govern what the clients can and can't access.
-
Hi Derelict,
I have set in the IPSEC Virtual Address Pool in the IPSEC mobile client setup tab, Client Configuration (mode-cfg) section
Network configuration for Virtual Address Pool : 192.168.224.0/24
Are you suggesting I should be using a value of 0.0.0.0/0 here?
Sorry, I am not questioning you, just trying to understand.
Thx
Bryan
-
No. In the IPsec Phase 2.
Just like here:
https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Phase_2