[Solved] Mobile IPsec to Windows has no gateway
Never found a solution to this while googling, so I figured I'd put it here for posterity.
Windows Native IPsec will not create a default gateway to the remote network. To solve this, when I create the connection, I use a PowerShell script something like:
```powershell
# CA cert from pfSense
Import-Certificate .\Netgate+Auto+VPN+CA.crt -CertStoreLocation cert:\LocalMachine\Root
# Be sure you also have a "Server" cert on pfSense that references this cert

# Create VPN Connection. -SplitTunneling will disable routing from this interface and we need to roll our own.
Add-VpnConnection -Name "myVPN" -ServerAddress "ww.xx.yy.zz" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection -RememberCredential

# Create route to remote VPC
# -AllUserConnection because the connection above was created in the all-user phone book
Add-VpnConnectionRoute -Name "myVPN" -DestinationPrefix "10.10.0.0/16" -AllUserConnection
```
One problem I could not figure out was how to create the VPN credentials from PowerShell.
Repeat the Add-VpnConnectionRoute for each subnet specified. I got an error when I used 0.0.0.0/0.
Hope this helps somebody.
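
The per-subnet route step from the post, as an added example that is not part of the original post: it validates each prefix, skips 0.0.0.0/0 (which the post reports as failing) and prefixes already routed, then returns the routes now bound to the connection. `Add-VpnRouteList`, `Test-RoutePrefix` and the sample prefixes are hypothetical names and constructed values; the connection is assumed to be the all-user, split-tunnel "myVPN" created above.

```powershell
# Added example; function names and sample prefixes are constructed for illustration.
function Test-RoutePrefix {
    param([string]$Prefix)
    # Accept only dotted-quad IPv4 CIDR such as 10.10.0.0/16
    if ($Prefix -notmatch '^(\d{1,3}\.){3}\d{1,3}/(\d{1,2})$') { return $false }
    $addr, $len = $Prefix -split '/'
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    # /0 is rejected here: the post reports an error for 0.0.0.0/0
    return ([int]$len -ge 1 -and [int]$len -le 32)
}

function Add-VpnRouteList {
    param(
        [Parameter(Mandatory)][string]$ConnectionName,
        [Parameter(Mandatory)][string[]]$Prefixes
    )
    # The connection was created with -AllUserConnection, so look it up there
    $conn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction Stop
    if (-not $conn.SplitTunneling) {
        throw "Connection '$ConnectionName' is not configured for split tunneling."
    }
    # Prefixes already attached to the connection, so reruns do not add duplicates
    $existing = @($conn.Routes | ForEach-Object { $_.DestinationPrefix })

    foreach ($prefix in $Prefixes) {
        if (-not (Test-RoutePrefix $prefix)) {
            Write-Warning "Skipping invalid or default-route prefix: $prefix"
            continue
        }
        if ($existing -contains $prefix) {
            Write-Verbose "Route already present: $prefix"
            continue
        }
        Add-VpnConnectionRoute -ConnectionName $ConnectionName `
            -DestinationPrefix $prefix -AllUserConnection
    }
    # Return what is now routed through the tunnel so it can be reviewed
    (Get-VpnConnection -Name $ConnectionName -AllUserConnection).Routes |
        ForEach-Object { $_.DestinationPrefix }
}

# Constructed sample subnets; the last entry is skipped with a warning
Add-VpnRouteList -ConnectionName "myVPN" `
    -Prefixes "10.10.0.0/16", "10.20.0.0/16", "0.0.0.0/0"
```

With split tunneling, anything not in the returned list leaves through the local network rather than the tunnel, so compare the output against the subnets you intend to protect.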