IPSec VPN with native windows VPN client
-
Hi
I recently upgraded a few of my computers to the latest Windows 10 preview build, and since the native Windows VPN client does not work with pfSense in Windows 7 and Windows 8.x, I assumed that it would be the same with Windows 10, which it is.
My road warrior configuration is as per this guide: https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
Normally I would use the Shrew Soft VPN, but this does not work with Windows 10 either. I do not know if their client will get updated to work with Windows 10, but since the native client in OS X is working, I would actually prefer to use the native client in Windows as well.
Can the configuration be changed to work with the native Windows client without breaking support for OS X and Android, or should I create an L2TP connection for Windows clients instead?
-
At the moment I'd say your best bet is this: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
-
Take a look at the green bow project.
http://www.thegreenbow.com/doc/tgbvpn_cg-pfsense-router-en.pdf
https://forum.pfsense.org/index.php?topic=28638.0
It seems to be a more actual solution supporting Windows 8.1 / 10. Shrew Soft doesn't; that's the only main reason I am still using Windows 7 at the moment.
Do not hesitate to post your testing here or on a new thread. There is no "the green bow pfsense road warrior" yet.
Does someone know if pfSense plans to work itself on a Windows VPN client, such as Cisco has their own VPN client software for Windows?
That could be a really good idea to implement that feature!
-
I am using the ShrewSoft client on Windows 10 to connect to a Cisco ASA. Maybe it doesn't work specifically with pfsense, but Shrew itself does seem to work on Windows 10.
-
At the moment I'd say your best bet is this: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
This works well from the latest Windows 10 clients (Version 10.0.16299 Build 16299), but there is a problem that sneaks in.
The IPSec connection also adds a default route to the Windows routing table, resulting in 2 0.0.0.0 routes. This breaks internet access.
What causes this insertion and how do we stop that from happening?
Here are the routes:
Active Routes:
Network Destination   Netmask   Gateway        Interface        Metric
0.0.0.0               0.0.0.0   192.168.43.1   192.168.43.218   4280
0.0.0.0               0.0.0.0   On-link        192.168.120.1    46
Thanks!
-
What causes this insertion and how do we stop that from happening?
Oh, how the sneaky obscure Windows settings snag the occasional visitor to its strange entangled world! :-)
I thought I found the problem, but no! The Windows client had the "use default gateway on remote network" set in the VPN client (tcp/ip properties | advanced). Unchecked that and that causes the additional default route insertion to stop, but it also doesn't know how to route any traffic via the VPN.
So do I have to add a manual route to the IPSec client config? I will do that for now, but I have a hunch that the IPSec server should somehow tell the client what traffic to route via it, not?
-
Did you ever get a solution to this missing route problem on Windows 8?
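-
Added example, not written by any participant in this thread: one way to script the client-side setup described above (split tunneling on, plus explicit per-connection routes) with the built-in Windows VPN cmdlets. The connection name and the remote prefix are placeholders chosen for illustration, not values from the thread.

```powershell
# Added example. $ConnectionName and $RemotePrefixes are hypothetical placeholders;
# replace them with the name of your VPN connection and the networks behind pfSense.
param(
    [string]   $ConnectionName = 'pfSense-IKEv2',
    [string[]] $RemotePrefixes = @('10.0.0.0/24')
)

$ErrorActionPreference = 'Stop'

# Fails early if the connection profile does not exist for the current user.
$vpn = Get-VpnConnection -Name $ConnectionName

# Same effect as unchecking "Use default gateway on remote network":
# the tunnel no longer installs its own 0.0.0.0/0 route.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Per-connection routes are installed on connect and removed on disconnect,
# so only the listed prefixes are sent through the tunnel.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $RemotePrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Check after connecting: list every default route with its effective metric
# (interface metric + route metric). With split tunneling on, only the
# physical adapter should still hold a 0.0.0.0/0 entry.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, NextHop,
        @{ Name = 'EffectiveMetric'; Expression = { $_.InterfaceMetric + $_.RouteMetric } } |
    Sort-Object EffectiveMetric |
    Format-Table -AutoSize

# Routes that will be pushed into the table when this connection comes up.
(Get-VpnConnection -Name $ConnectionName).Routes |
    Select-Object DestinationPrefix, RouteMetric |
    Format-Table -AutoSize
```

Run it once per user profile that holds the VPN connection, then reconnect so the new routes take effect.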