[Solved] Mobile Ipsec to Windows has no gateway
Never found a solution to this while googling, so I figured I'd put it here for posterity. Windows Native IPSec will not create a default gateway to the remote network. To solve this, when I create the connection, I use a PowerShell script something like:

```powershell
# CA cert from pfSense
Import-Certificate .\Netgate+Auto+VPN+CA.crt -CertStoreLocation cert:\LocalMachine\Root
# Be sure you also have a "Server" cert on pfSense that references this cert

# Create VPN Connection. -SplitTunneling will disable routing from this interface and we need to roll our own.
Add-VpnConnection -Name "myVPN" -ServerAddress "ww.xx.yy.zz" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection -RememberCredential

# Create route to remote VPC
Add-VpnConnectionRoute -Name "myVPN" -DestinationPrefix "10.10.0.0/16"
```

One problem I could not figure out was how to create the VPN credentials from PowerShell. Repeat the Add-VpnConnectionRoute for each subnet specified. I got an error when I used 0.0.0.0/0. Hope this helps somebody.
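An added example, not part of the original post: the same setup with two checks a defender would want, namely verifying the CA's thumbprint before it goes into the machine-wide trusted root store, and adding per-subnet routes only when they are missing. The thumbprint placeholder, the second subnet, and the variable names are assumptions; the expected thumbprint must come from the pfSense administrator over a separate channel.

```powershell
# Added example (not the original poster's script). Run from an elevated prompt.
$CaFile     = '.\Netgate+Auto+VPN+CA.crt'         # file name used in the post
$ExpectedTp = '<EXPECTED-SHA1-THUMBPRINT>'        # placeholder: obtain out of band
$VpnName    = 'myVPN'                             # connection name used in the post
$Subnets    = @('10.10.0.0/16', '10.20.0.0/16')   # second prefix is a constructed sample

# 1. Load the certificate and refuse to trust it unless the thumbprint matches.
#    Anything placed in LocalMachine\Root is trusted by every user on the machine.
$path = (Resolve-Path $CaFile).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$expected = $ExpectedTp -replace '[^0-9A-Fa-f]', ''   # tolerate colons/spaces
if ($cert.Thumbprint -ne $expected) {
    throw "CA thumbprint mismatch: file has $($cert.Thumbprint); not importing."
}
if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) {
    Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# 2. The connection was created with -AllUserConnection, so look it up the same way.
$vpn = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction Stop
if (-not $vpn.SplitTunneling) {
    Write-Warning "$VpnName is not split-tunneled; per-subnet routes are not what steers traffic."
}

# 3. Add each subnet route once; skip prefixes already on the connection.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $Subnets) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $prefix -AllUserConnection
    }
}

# 4. Show the routes now attached, so the result can be compared with the
#    networks defined on the pfSense side.
(Get-VpnConnection -Name $VpnName -AllUserConnection).Routes |
    Select-Object DestinationPrefix
```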