<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta name="Generator" content="Zarafa WebApp v7.2.2-535">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
</head>
<body>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Hi.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I've got a strange problem, and I hope you could help:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I am currently using StrongSwan to protect my mobile devices when using Free Wifi Access Points.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">On Android, using the StrongSwan App, I can connect to the VPN, and all Traffic is routed through the VPN (if I disable the forwarding in the server's iptables, the mobile device cannot access the internet any more).</span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">But If I want to use the VPN with a Windows 10 client (Tablet, Desktop PC) using IKEv2, the connection is set up, I can connect to the virtual IP 10.1.1.1 for the server or 10.1.1.x for the windows device from both sides.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">But in Windows, the connection status states "IP 10.1.1.21, Netmask 255.255.255.255, No Gateway", so that any traffic to the internet is send unencryptedly via the normal internet connection.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">What do I have to do to let windows route everything through the VPN?</span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">My configuration is a follows:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">/etc/ipsec.conf<br /></span></p>
<pre class="bbcode_code" style="height: 252px;">config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn nat-t
left=<ip-addresse of Server>
leftcert=server_cert.pem
leftid="<certificate>"
leftfirewall=yes
leftsubnet=0.0.0.0/0
right=%any
rightsubnet=10.1.1.0/24
rightsourceip=10.1.1.20/24
auto=add</pre>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">I have created certificates for all devices, so that I do not have any PSKs.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">The server runs on Ubuntu 14.04, StrongSwan U5.1.2/K3.13.0-91-generic.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Best regards,<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma,arial,helvetica,sans-serif;">Dirk<br /></span></p>
</body>
</html>