[Solved] Mobile Ipsec to Windows has no gateway



  • Never found a solution to this while googling, so I figured I'd put it here for posterity.

    Windows Native IPSec will not create a default gateway to the remote network. To solve this, when I create the connection, I use a PowerShell script something like:

    # CA cert from pfSense
    Import-Certificate .\Netgate+Auto+VPN+CA.crt -CertStoreLocation cert:\LocalMachine\Root
    # Be sure you also have a "Server" cert on pfSense that references this cert
    
    # Create VPN Connection.  -SplitTunneling will disable routing from this interface and we need to roll our own.
    Add-VpnConnection -Name "myVPN" -ServerAddress "ww.xx.yy.zz" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection -RememberCredential
    
    #Create route to remote VPC
    Add-VpnConnectionRoute -Name "myVPN" -DestinationPrefix "10.10.0.0/16"
    

    One problem I could not figure out was how to create the VPN credentials from PowerShell.

    Repeat the Add-VpnConnectionRoute for each subnet specified. I got an error when I used 0.0.0.0/0.

    Hope this helps somebody.
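
The per-subnet route step above, written as a loop that can be re-run safely. This is an added example, not part of the original post; the second prefix is a constructed placeholder, and the script assumes the connection was created with -AllUserConnection as in the post, so every lookup and route change targets the all-user phone book.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$ConnectionName = 'myVPN'                               # name used in the post
$RemotePrefixes = @('10.10.0.0/16', '10.20.0.0/16')     # second prefix is a constructed sample

# The connection was created with -AllUserConnection, so it must be looked up
# the same way; without the switch the cmdlet searches the per-user phone book.
$vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction Stop

# Per-subnet routes only matter when split tunneling is on.
if (-not $vpn.SplitTunneling) {
    Write-Warning "Split tunneling is disabled on '$ConnectionName'."
}

# Prefixes already attached to the connection (empty when none exist).
$existing = @($vpn.Routes | Where-Object { $_ } | ForEach-Object { $_.DestinationPrefix })

foreach ($prefix in $RemotePrefixes) {
    if ($existing -contains $prefix) {
        Write-Host "Route $prefix already present, skipping."
        continue
    }
    # -AllUserConnection must match how the connection was created.
    Add-VpnConnectionRoute -ConnectionName $ConnectionName `
                           -DestinationPrefix $prefix `
                           -AllUserConnection
    Write-Host "Added route $prefix."
}

# Confirm the final set of routes pushed when the tunnel comes up.
(Get-VpnConnection -Name $ConnectionName -AllUserConnection).Routes |
    Select-Object -ExpandProperty DestinationPrefix
```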

