[strongSwan] Windows 7 IKEv2 problems

Luca Tettamanti kronos.it at gmail.com
Wed Jul 28 16:13:34 CEST 2010


Hello,

Kevin Clark <kevin.clark at ...> writes:
> The second and more troubling problem is to do with the routes that Windows creates to support the subnet
> behind the VPN gateway.  I only want packets destined for the remote subnet to go across the VPN.  If I enable
> "Use default gateway on remote network" everything gets routed through the VPN which I don't want.   I've
> disabled this option and left "class based route addition" enabled but then all I get are routes
> supporting the virtual IP address, not the subnet behind the VPN gateway.  You may well say that this is a
> Windows issue but I hope that there's some parameter missing from my config that will fix this.
>
> IPv4 Route Table [ class based route addition ]
> ====================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0     192.168.25.1    192.168.25.10     10
>         127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
>         127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
>   127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
>       192.168.7.0    255.255.255.0         On-link       192.168.7.2     11
>       192.168.7.2  255.255.255.255         On-link       192.168.7.2    266   <---- the assigned virtual
>     192.168.7.255  255.255.255.255         On-link       192.168.7.2    266
>
> IPv4 Route Table [ default route enabled ]
> ====================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0     192.168.25.1    192.168.25.10   4235
>           0.0.0.0          0.0.0.0         On-link       192.168.7.3     11   <---- everything shoved down the VPN
>         127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
>         127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
>   127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
>       192.168.7.3  255.255.255.255         On-link       192.168.7.3    266

I just encountered the same problem, albeit with Windows 2k8 R2; my
configuration is identical to yours (minus EAP).
Did you find any solution to this problem?
In the end I disabled "Use default gateway on remote network" and
resorted to a static route on Win, so that the traffic for the LAN is
sent to the VPN...

L
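
The route selection behind the behaviour discussed in this thread, as an added example that is not part of the original messages: it parses the quoted route tables and applies longest-prefix-then-lowest-metric matching to show which interface a remote LAN host would be reached through in each mode, and with the static-route workaround. The remote LAN subnet 10.1.0.0/24, the test addresses and the static route's metric are assumptions, since the thread does not state them.

```python
import ipaddress

# Rows taken from the two "route print" tables quoted above (loopback rows left out).
CLASS_BASED = """
0.0.0.0          0.0.0.0     192.168.25.1    192.168.25.10     10
192.168.7.0    255.255.255.0         On-link       192.168.7.2     11
192.168.7.2  255.255.255.255         On-link       192.168.7.2    266   <---- the assigned virtual
192.168.7.255  255.255.255.255         On-link       192.168.7.2    266
"""
DEFAULT_ROUTE = """
0.0.0.0          0.0.0.0     192.168.25.1    192.168.25.10   4235
0.0.0.0          0.0.0.0         On-link       192.168.7.3     11
192.168.7.3  255.255.255.255         On-link       192.168.7.3    266
"""
REMOTE_LAN = "10.1.0.0/24"  # assumption: the thread never states the subnet behind the gateway

def parse_routes(text):
    """Turn 'route print' rows into (network, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()[:5]  # ignore trailing annotations such as "<---- ..."
        if len(fields) < 5:
            continue
        dest, mask, _gateway, iface, metric = fields
        try:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface, int(metric)))
        except ValueError:
            continue  # header, separator or other non-route line
    return routes

def egress_interface(routes, destination):
    """Pick the route Windows would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def with_static_route(routes, subnet, iface, metric=1):
    """Model the workaround: one extra on-link route for the remote LAN via the VPN."""
    return routes + [(ipaddress.ip_network(subnet), iface, metric)]

if __name__ == "__main__":
    split = parse_routes(CLASS_BASED)
    fixed = with_static_route(split, REMOTE_LAN, "192.168.7.2")
    for name, table in (("class based", split), ("default route", parse_routes(DEFAULT_ROUTE)),
                        ("class based + static route", fixed)):
        print(f"{name}: LAN host -> {egress_interface(table, '10.1.0.20')}, "
              f"internet host -> {egress_interface(table, '203.0.113.5')}")
```

Only the third table sends the remote LAN through the tunnel while leaving other traffic on the physical interface, which is the split-tunnel result both posters were after.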



