[Solved] Mobile IPsec to Windows has no gateway

  • Never found a solution to this while googling, so I figured I'd put it here for posterity.

    Windows Native IPsec will not create a default gateway to the remote network. To solve this, when I create the connection, I use a PowerShell script something like:

    # CA cert from pfSense
    Import-Certificate .\Netgate+Auto+VPN+CA.crt -CertStoreLocation cert:\LocalMachine\Root
    # Be sure you also have a "Server" cert on pfSense that references this cert
    # Create VPN Connection.  -SplitTunneling will disable routing from this interface and we need to roll our own.
    Add-VpnConnection -Name "myVPN" -ServerAddress "ww.xx.yy.zz" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection -RememberCredential
    # Create route to remote VPC
    Add-VpnConnectionRoute -Name "myVPN" -DestinationPrefix ""

    One problem I could not figure out was how to create the VPN credentials from PowerShell.

    Repeat the Add-VpnConnectionRoute for each subnet specified. I got an error when I used

    Hope this helps somebody.
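
The steps from the post above as one re-runnable script, added here as an example and not part of the original post: it checks the CA thumbprint before trusting the certificate machine-wide, then adds one route per subnet and reports what the tunnel carries. The thumbprint placeholder and the two subnets are constructed values, and passing -AllUserConnection to the route cmdlets is an assumption that follows from how the connection was created.

```powershell
# Added example. Placeholder and sample values are constructed; replace before use.
# Run from an elevated prompt: the LocalMachine\Root store needs administrator rights.
$VpnName       = 'myVPN'                        # connection name from the post
$CaFile        = '.\Netgate+Auto+VPN+CA.crt'    # CA file name from the post
$ExpectedThumb = '<CA-SHA1-THUMBPRINT>'         # placeholder: get it out-of-band from pfSense
$Subnets       = @('10.0.10.0/24', '10.0.20.0/24')   # constructed sample prefixes

# 1. Refuse to trust the CA machine-wide unless its thumbprint matches.
$caPath = (Resolve-Path -LiteralPath $CaFile).Path
$ca     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($caPath)
if ($ca.Thumbprint -ne ($ExpectedThumb -replace '[\s:]', '')) {
    throw "CA thumbprint mismatch, not importing: $($ca.Thumbprint)"
}
Import-Certificate -FilePath $caPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 2. Add one route per subnet; skip malformed prefixes and routes already present.
#    -AllUserConnection is assumed because the connection was created with it.
$conn     = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction Stop
$existing = @($conn.Routes | ForEach-Object { $_.DestinationPrefix })
$cidr     = '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$'
foreach ($prefix in $Subnets) {
    if ($prefix -notmatch $cidr) { Write-Warning "Skipping malformed prefix '$prefix'"; continue }
    if ($existing -contains $prefix) { continue }
    Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $prefix -AllUserConnection
}

# 3. Show what will actually go through the tunnel. With split tunneling on,
#    anything not listed here leaves through the local network, outside the VPN.
$conn = Get-VpnConnection -Name $VpnName -AllUserConnection
[pscustomobject]@{
    Name           = $conn.Name
    SplitTunneling = $conn.SplitTunneling
    TunnelRoutes   = @($conn.Routes | ForEach-Object { $_.DestinationPrefix }) -join ', '
}
```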