Topic: IPsec Mobile Client with EAP-MSCHAPv2 (Windows 10 built-in VPN Client) (Read 2388 times)
ntkevinshao (on: July 26, 2022, 05:00:06 am)
Dear all:
(1) OPNsense 22.1.10 VMware VM running on PC 1
NIC 1 (LAN): host-only, with static IP address 192.168.1.1/24
NIC 2 (WAN): bridged to PC1's Ethernet adapter, with DHCP IP 10.0.1.127/22
IPsec Mobile Client related settings:
CA and certificates were correctly generated
Backend for Authentication is set to "Local Database"
Client IP address pool: 10.10.0.0/24
IPsec Tunnel Phase 2 Local Network is set to "LAN subnet"
User correctly configured under the Pre-Shared Keys menu with Type "EAP"
OPNsense firewall rules are set to allow all on the WAN, LAN and IPsec interfaces
(2) PC 2 (Windows 10), DHCP IP 10.0.1.241, used for the IPsec Mobile Client test with Windows 10's built-in VPN client connection
My problems:
1. PC2 using the Windows 10 VPN client can successfully log in and connect to OPNsense and gets IP address 10.10.0.1/32. Is this normal? I assume PC2 should get 10.10.0.1/24.
2. PC2 cannot access the OPNsense LAN subnet; ping 192.168.1.1 failed. I checked PC2's route table, and no route to 192.168.1.0/24 had been added.
ntkevinshao (Reply #1 on: July 26, 2022, 05:21:13 am)
My bad, I found out why: I forgot to check Install Policy in the Tunnel Phase 1 configuration.
Now PC2 can ping 192.168.1.1 but cannot ping 8.8.8.8. How can I do split tunneling so that only traffic to 192.168.1.0/24 is routed over the IPsec tunnel and all other traffic is routed over PC2's existing default gateway?
I have now checked PC2's route table: the default route 0.0.0.0/0 has its next hop set to the 10.10.0.1 tunnel interface, which is not what I want. What I want is 192.168.1.0/24 with next hop 10.10.0.1 installed in PC2's route table.
Last Edit: July 26, 2022, 05:48:35 am by ntkevinshao
mimugmail (Reply #2 on: July 26, 2022, 06:07:54 am)
Go into the adapter settings and untick the option to use this connection as default.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
ntkevinshao (Reply #3 on: July 26, 2022, 06:36:07 am)
Adapter settings? Where are they?
mimugmail (Reply #4 on: July 26, 2022, 08:28:58 am)
https://www.google.com/search?q=windows+10+vpn+default+gateway&client=ms-android-hmd-rev2&prmd=ivn&sxsrf=ALiCzsZ92SXDkOACiayWy7HaeD3ruDOaGw:1658816909292&source=lnms&tbm=isch&sa=X&ved=2ahUKEwjO2__E9pX5AhU4h_0HHYHDBG0Q_AUoAXoECAIQAQ&biw=412&bih=756&dpr=2.63#imgrc=an7bcV3ilEh5pM
ntkevinshao (Reply #5 on: July 26, 2022, 08:48:11 am)
Thanks, it worked. Now my remote Win 10 PC's VPN connection is up and its default gateway is the original default gateway, not the IPsec tunnel.
But I have another problem: my Win 10 PC did not learn a route to the OPNsense LAN subnet via this tunnel interface. Did I still miss anything?
mimugmail (Reply #6 on: July 26, 2022, 10:01:27 am)
https://www.google.com/search?q=windows+10+ikev2+add+routes+on+startup&rlz=1C1CHBF_deDE698DE698&oq=windows+10+ikev2+add+routes+on+startup&aqs=chrome..69i57j0i546l2.10409j0j7&sourceid=chrome&ie=UTF-8
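The two client-side steps the replies above point to (turning off the default-gateway option and adding a route for the LAN subnet) can also be done from PowerShell on the Windows 10 client. This is an added example, not part of the original thread; the connection name `OPNsense-IKEv2` is an assumed placeholder, and 192.168.1.0/24 is the LAN subnet from the first post.

```powershell
# Added example (not from the thread). Run on the Windows 10 client (PC2).
$ConnectionName = 'OPNsense-IKEv2'   # assumption: name of the VPN profile on PC2
$LanPrefix      = '192.168.1.0/24'   # OPNsense LAN subnet from the first post

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# 1. Split tunneling: same effect as unticking
#    "Use default gateway on remote network" in the adapter's IPv4 settings.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# 2. Store the LAN route in the VPN profile so Windows installs it on every
#    connect and removes it on disconnect (no manual "route add" needed).
if (-not ($vpn.Routes | Where-Object DestinationPrefix -eq $LanPrefix)) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $LanPrefix
}

# 3. Both settings take effect at the next connect. Once reconnected, check
#    that only the LAN prefix, and no default route, points into the tunnel.
$vpn = Get-VpnConnection -Name $ConnectionName
if ($vpn.ConnectionStatus -eq 'Connected') {
    # Assumption: the tunnel's interface alias equals the connection name,
    # which is how the built-in client normally names it.
    $routes = Get-NetRoute -InterfaceAlias $ConnectionName -AddressFamily IPv4

    if ($routes | Where-Object DestinationPrefix -eq '0.0.0.0/0') {
        Write-Warning 'Default route still points into the tunnel: split tunneling is not active.'
    }
    if (-not ($routes | Where-Object DestinationPrefix -eq $LanPrefix)) {
        Write-Warning "No route to $LanPrefix on the tunnel interface."
    }
    $routes | Sort-Object DestinationPrefix |
        Format-Table DestinationPrefix, NextHop, RouteMetric
} else {
    Write-Host "Profile updated. Reconnect '$ConnectionName', then run this script again to verify."
}
```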