Netgate Discussion Forum

    IPSec VPN with native windows VPN client

    • K
      Kenneth_H
      last edited by

      Hi
      I recently upgraded a few of my computers to the latest Windows 10 preview build and since the native Windows VPN client does not work with pfsense in Windows 7 and Windows 8.x, I assumed that it would be the same with Windows 10, which it is.
      My road warrior configuration is as per this guide: https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

      Normally I would use the Shrew SoftVPN, but this does not work with Windows 10 either. I do not know if their client will get updated to work with Windows 10, but since the native client in OS X is working, I would actually prefer to use the native client in Windows as well.

      Can the configuration be changed to work with the native Windows client, without breaking support for OS X and Android, or should I create an L2TP connection for Windows clients instead?

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        At the moment I'd say your best bet is this: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • Z
          zikmen
          last edited by

          Take a look at the green bow project.

          http://www.thegreenbow.com/doc/tgbvpn_cg-pfsense-router-en.pdf

          https://forum.pfsense.org/index.php?topic=28638.0

          It seems to be a more actual solution supporting Windows 8.1 / 10. Shrewsoft doesn't; that's the only main reason I am still using Windows 7 at the moment.

          Do not hesitate to post your testings here or on a new thread. There is no "the green bow pfsense road warrior" yet.

          Does someone know if pfsense plans to work itself on a Windows VPN client, such as Cisco have their own VPN client software for Windows?

          That could be a really good idea to implement that feature!

          Thanks,
          Tommy

          • O
            orev
            last edited by

            I am using the ShrewSoft client on Windows 10 to connect to a Cisco ASA.  Maybe it doesn't work specifically with pfsense, but Shrew itself does seem to work on Windows 10.

            • lifeboyL
              lifeboy
              last edited by

              @jimp:

              At the moment I'd say your best bet is this: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

              This works well from the latest Windows 10 clients (Version 10.0.16299 Build 16299), but there is a problem that sneaks in.

              The IPSec connection also adds a default route to the Windows routing table, resulting in 2 0.0.0.0 routes.  This breaks internet access.

              What causes this insertion and how do we stop that from happening?

              Here are the routes:

              Active Routes:
              Network Destination        Netmask          Gateway       Interface  Metric
                        0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.218   4280
                        0.0.0.0          0.0.0.0         On-link     192.168.120.1     46
              

              thanks!

              • lifeboyL
                lifeboy
                last edited by

                @lifeboy:

                What causes this insertion and how do we stop that from happening?

                Oh, how the sneaky obscure Windows settings snag the occasional visitor to its strange entangled world! :-)

                I thought I found the problem, but no! The Windows client had the "use default gateway on remote network" set in the VPN client (tcp/ip properties | advanced).  Unchecked that and that causes the additional default route insertion to stop, but it also doesn't know how to route any traffic via the VPN.

                So do I have to add a manual route to the IPSec client config?  I will do that for now, but I have a hunch that the IPSec server should somehow tell the client what traffic to route via it, not?

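The change discussed in the two posts above (turning off "use default gateway on remote network", then adding a route for the remote network), expressed with the built-in Windows VPN cmdlets. This is an added example, not part of any post in the thread; the connection name and the remote prefix are placeholders to replace with your own values.

```powershell
# Added example. Both values below are placeholders, not taken from the thread.
$ConnectionName = 'pfSense-IKEv2'        # hypothetical name of the Windows VPN connection
$RemotePrefixes = @('10.0.0.0/24')       # hypothetical network behind the pfSense box

function Set-VpnSplitRoutes {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $Prefixes
    )

    # Stop here if the connection is not in the current user's phone book.
    $vpn = Get-VpnConnection -Name $Name -ErrorAction Stop

    # Same effect as unticking "Use default gateway on remote network":
    # the tunnel no longer installs its own 0.0.0.0/0 route.
    if (-not $vpn.SplitTunneling) {
        Set-VpnConnection -Name $Name -SplitTunneling $true
    }

    # Per-connection routes are installed when the tunnel comes up and
    # removed when it disconnects, so nothing is left in the table afterwards.
    $existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
    foreach ($prefix in $Prefixes) {
        if ($existing -notcontains $prefix) {
            Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix
        }
    }

    # Return the connection so the caller can inspect SplitTunneling and Routes.
    Get-VpnConnection -Name $Name
}

function Get-DefaultRouteRanking {
    # The "Metric" column of `route print` is route metric + interface metric;
    # among several 0.0.0.0/0 routes the lowest sum is the one Windows uses.
    Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
        Select-Object InterfaceAlias, NextHop,
            @{ Name = 'EffectiveMetric'; Expression = { $_.RouteMetric + $_.InterfaceMetric } } |
        Sort-Object EffectiveMetric
}

Set-VpnSplitRoutes -Name $ConnectionName -Prefixes $RemotePrefixes |
    Select-Object Name, SplitTunneling, Routes

# Run while connected: only the local gateway's default route should be listed.
Get-DefaultRouteRanking
```

With split tunnelling on, only the listed prefixes travel through the IPsec tunnel; all other traffic leaves through the local gateway and is not protected or filtered by the VPN.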
                • lifeboyL
                  lifeboy @lifeboy
                  last edited by

                  Did you ever get a solution to this missing route problem on Windows 8?

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.