Project

General

Profile

Issue #3334

Split routing with Windows 10

Added by Robert Dahlem about 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.7.2
Resolution:

Description

I have a working road warrior setup with IKEv2. Now I am trying to follow WindowsClients, especially the split routing part. I installed dnsmasq and configured:

bind-interfaces
interface=br0
listen-address=172.20.0.1
dhcp-range=172.20.2.1,172.20.2.254,255.255.0.0,24h
log-dhcp
dhcp-option=249,172.22.1.0/24,0.0.0.0

and pools = dhcp in swanctl.conf.

My VPN client (Windows 10 Pro, "Use default gateway on remote network" is disabled) gets an IP address from dnsmasq, but no routes, even when I configure dhcp-option-force=249,172.22.1.0/16,0.0.0.0.
I noticed this in daemon.log:

dnsmasq-dhcp[586]: 4209718744 requested options: 6:dns-server, 44:netbios-ns

It seems that that the Windows 10 client does not request option 121 nor 249.
When I try this with a LAN connected client, I get:
dnsmasq-dhcp[818]: 2386198010 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name,
dnsmasq-dhcp[818]: 2386198010 requested options: 31:router-discovery, 33:static-route, 43:vendor-encap,
dnsmasq-dhcp[818]: 2386198010 requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope,
dnsmasq-dhcp[818]: 2386198010 requested options: 119:domain-search, 121:classless-static-route,
dnsmasq-dhcp[818]: 2386198010 requested options: 249, 252

My guess is that either the Windows client does not request routes through the VPN tunnel or StrongSwan does not pass this request on.

Is there anything else I need to do to push routes to the Windows client?

History

#1 Updated by Tobias Brunner about 2 months ago

  • Category changed from windows to configuration

#2 Updated by Robert Dahlem about 1 month ago

Can I do anything to get this resolved? I will happily provide configurations and logs as needed.

#3 Updated by Tobias Brunner about 1 month ago

  • Status changed from New to Feedback

It seems that that the Windows 10 client does not request option 121 nor 249.

I think that was only Windows Mobile. You have to find other ways to do this on Windows (see ForwardingAndSplitTunneling).

Also available in: Atom PDF