Issue #3255
Split Tunneling on Windows 10
Affected version:
5.4.0
Resolution:
Duplicate
Description
Hello,
I am using strongSwan on a Raspberry Pi as the "server" and a Windows 10 computer as the "client" to have secure communication between them. The connection and the authentication are OK, but when I try to reach the Raspberry with a ping, for example, it is not sent through the VPN (I sniff the traffic between the Raspberry and the computer and I can see the ICMP packets).
On the Raspberry I block every port except those for SSH, DHCP and IPsec. Below are my iptables rules:
Chain INPUT (policy DROP 51 packets, 4431 bytes)
 pkts bytes target prot opt in   out  source   destination
   19  1292 ACCEPT all  --  lo   any  anywhere anywhere
    0     0 ACCEPT esp  --  eth1 any  anywhere anywhere
  645 85429 ACCEPT tcp  --  eth1 any  anywhere anywhere  tcp dpt:ssh
  463  168K ACCEPT udp  --  eth1 any  anywhere anywhere  udp dpt:bootps
   23  8972 ACCEPT udp  --  eth1 any  anywhere anywhere  udp dpt:500
  752  137K ACCEPT udp  --  eth1 any  anywhere anywhere  udp dpt:4500

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source   destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source   destination
   19  1292 ACCEPT all  --  any  lo   anywhere anywhere
    0     0 ACCEPT esp  --  any  eth1 anywhere anywhere
  564  102K ACCEPT tcp  --  any  eth1 anywhere anywhere  tcp spt:ssh
  452  148K ACCEPT udp  --  any  eth1 anywhere anywhere  udp spt:bootps
   19  5516 ACCEPT udp  --  any  eth1 anywhere anywhere  udp spt:500
  373 68140 ACCEPT udp  --  any  eth1 anywhere anywhere  udp spt:4500
Here is my ipsec.conf file:
config setup
    charondebug="ike 2, knl 2, cfg 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    mobike=no
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=30s
    dpdtimeout=150s

conn red-to-blue
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    # always UDP-encapsulate ESP (port 4500); no native ESP is expected on the wire
    forceencaps=yes
    rekey=no
    # Raspberry
    left=192.168.10.1
    leftauth=pubkey
    leftid="C=xx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx, N=xxx, E=xxx"
    leftcert=cpu.crt
    leftsendcert=always
    # the updown script inserts iptables rules for tunnelled traffic
    leftfirewall=yes
    # the only remote traffic selector offered to the client is the server's own physical address (same as left)
    leftsubnet=192.168.10.1/32
    # PC
    right=%any
    rightid=%any
    # virtual IP handed to the Windows client
    rightsourceip=192.168.10.100
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
On Windows I created the VPN connection with the following commands:
Add-VpnConnection -Name "Test IPSec" -ServerAddress "192.168.10.1" -TunnelType IKEv2 -EncryptionLevel Maximum -AuthenticationMethod EAP -RememberCredential
Set-VpnConnectionIPsecConfiguration -ConnectionName "Test IPSec" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup ECP256 -PfsGroup ECP256 -Force
Add-VpnConnectionRoute -ConnectionName "Test IPSec" -DestinationPrefix 192.168.10.1/32
Set-VpnConnection -Name "Test IPSec" -SplitTunneling $True
Any advice would be appreciated.
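An added diagnostic for the symptom above (a ping to the server's physical IP leaves the client in clear even though the tunnel is up); it is not code from the original report or from the strongSwan project. It prints the split-tunnel routes the RAS client attached, every route in the Windows table that covers the server address together with the combined metric Windows uses to rank them, and the route the stack itself selects via Find-NetRoute, so you can see whether 192.168.10.1/32 resolves to the VPN adapter or to the LAN NIC. The connection name and server address are the ones from the report; the check that the VPN adapter's interface alias equals the connection name is an assumption.

```powershell
# Added diagnostic for the report above. It is not code from the original post or
# from the strongSwan project. Run it in an elevated PowerShell on the Windows 10
# client while the VPN is connected. Defaults are the connection name and server
# address used in the report; the assumption that the VPN adapter's InterfaceAlias
# equals the connection name is marked below.
param(
    [string]$ConnectionName = "Test IPSec",
    [string]$ServerAddress  = "192.168.10.1"
)

# Dotted-quad IPv4 address -> UInt32, for prefix arithmetic.
function ConvertTo-UInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

# True when $Address lies inside the CIDR $Prefix (e.g. "192.168.10.0/24").
function Test-PrefixContains([string]$Prefix, [string]$Address) {
    $net, $len = $Prefix -split '/'
    $len = [int]$len
    if ($len -eq 0) { return $true }
    $mask = ([uint64]0xFFFFFFFF -shl (32 - $len)) -band [uint64]0xFFFFFFFF
    $a = [uint64](ConvertTo-UInt32 $net) -band $mask
    $b = [uint64](ConvertTo-UInt32 $Address) -band $mask
    return ($a -eq $b)
}

# 1. What the RAS client thinks it configured (split tunneling flag and attached routes).
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
"Connection '{0}': status={1} SplitTunneling={2}" -f $vpn.Name, $vpn.ConnectionStatus, $vpn.SplitTunneling
"Routes attached with Add-VpnConnectionRoute:"
foreach ($r in $vpn.Routes) { "  {0}  metric={1}" -f $r.DestinationPrefix, $r.RouteMetric }

# 2. Every IPv4 route that covers the server address, most specific and cheapest first.
#    Windows selects the longest prefix, then the lowest RouteMetric + InterfaceMetric,
#    so the first row is the path a ping to the server actually takes.
$rows = Get-NetRoute -AddressFamily IPv4 |
    Where-Object { Test-PrefixContains $_.DestinationPrefix $ServerAddress } |
    ForEach-Object {
        $ifc = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
        $ifMetric = if ($ifc) { $ifc.InterfaceMetric } else { 0 }
        [pscustomobject]@{
            Prefix    = $_.DestinationPrefix
            PrefixLen = [int]($_.DestinationPrefix -split '/')[1]
            NextHop   = $_.NextHop
            Interface = $_.InterfaceAlias
            Metric    = $_.RouteMetric + $ifMetric
            # Assumption: the RAS VPN adapter's alias equals the connection name.
            ViaVpn    = ($_.InterfaceAlias -eq $ConnectionName)
        }
    } |
    Sort-Object @{Expression = 'PrefixLen'; Descending = $true}, Metric
"Routes covering ${ServerAddress}:"
$rows | Format-Table Prefix, NextHop, Interface, Metric, ViaVpn -AutoSize | Out-String

# 3. Ask the stack directly. Find-NetRoute returns the chosen source address and the
#    chosen route; only the route object carries DestinationPrefix.
$choice = Find-NetRoute -RemoteIPAddress $ServerAddress |
    Where-Object { $_.PSObject.Properties['DestinationPrefix'] }
if ($choice) {
    "Selected route for {0}: {1} via '{2}' (next hop {3})" -f `
        $ServerAddress, $choice.DestinationPrefix, $choice.InterfaceAlias, $choice.NextHop
    if ($choice.InterfaceAlias -ne $ConnectionName) {
        "WARNING: traffic to the server leaves on '{0}', not on the VPN adapter, so a ping bypasses the tunnel." -f $choice.InterfaceAlias
    }
}
```

Run it while "Test IPSec" is connected and read the first row of the route table it prints: if that row (and the Find-NetRoute choice) points at the physical NIC rather than the VPN adapter, the ping never enters the tunnel, whatever Set-VpnConnection -SplitTunneling and Add-VpnConnectionRoute say. Cross-check on the Raspberry with a capture such as tcpdump -ni eth1 'udp port 4500 or icmp': with forceencaps=yes a ping that takes the tunnel shows up only as UDP/4500 towards the Pi, while a bare ICMP echo request means the client sent it outside the tunnel.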
Related issues
History
#1 Updated by Tobias Brunner about 1 year ago
- Category set to interoperability
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Priority changed from High to Normal
- Resolution set to Duplicate
#2 Updated by Tobias Brunner about 1 year ago
- Is duplicate of Issue #3176: strongSwan-Windows routing troubles when accessing server's physical IP address added