Feature Request: Add routes to IKEv2 VPNs automatically


The IKEv2 VPN client in Windows now has the setting "use default gateway on remote network" disabled by default, but it also does not support automatically adding routes based on the IKEv2 traffic selectors supplied by the server. The only route it adds automatically is a class-based route based on the IP address assigned to the client. Class-based routing has been obsolete since 1993, and for a lot of sites, especially those using IP addresses in the 192.168.0.0/16 range, this means they need to add routes to their other subnets manually. As far as I can tell, adding routes manually isn't even possible via the GUI; the only way I can find to do it is the PowerShell command Add-VpnConnectionRoute. In this period where many people are working from home for the first time, this means we require a lot of time spent manually adding routes via PowerShell.

Other IKEv2 clients (macOS, iOS, Android, strongSwan on Linux/BSD) automatically add routes based on the traffic selector values negotiated in the IKEv2 handshake. Please consider adding support for this behaviour in the Windows IKEv2 VPN client.

0 Replies
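The workaround the post describes, as an added example that is not part of the original post: it works out which remote subnets fall outside the class-based route derived from the client's assigned address, and adds only those with `Add-VpnConnectionRoute`. The connection name, assigned address and subnet list are constructed values, and the helper function names are hypothetical; the subnet list stands in for the traffic selectors and has to be supplied by hand.

```powershell
# Added example: names and addresses below are constructed, not from the post.
function ConvertTo-AddressNumber {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Get-ClassfulPrefixLength {
    # Prefix length of the class A/B/C network for a unicast IPv4 address.
    param([string]$Address)
    $first = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()[0]
    if ($first -lt 128) { return 8 }     # class A
    if ($first -lt 192) { return 16 }    # class B
    return 24                            # class C (assumes a unicast address)
}

function Get-UncoveredSubnet {
    # Returns the subnets NOT contained in the class-based network of the assigned address.
    param([string]$AssignedAddress, [string[]]$RemoteSubnet)
    $len  = Get-ClassfulPrefixLength $AssignedAddress
    $size = [long][math]::Pow(2, 32 - $len)
    $addr = ConvertTo-AddressNumber $AssignedAddress
    $net  = $addr - ($addr % $size)
    foreach ($subnet in $RemoteSubnet) {
        $ip, $subLen = $subnet -split '/'
        $subAddr = ConvertTo-AddressNumber $ip
        $covered = ([int]$subLen -ge $len) -and (($subAddr - ($subAddr % $size)) -eq $net)
        if (-not $covered) { $subnet }
    }
}

$ConnectionName  = 'Office VPN'        # constructed profile name
$AssignedAddress = '192.168.10.23'     # constructed address handed out by the VPN server
$RemoteSubnets   = '192.168.10.0/24', '192.168.20.0/24', '192.168.30.0/24'
$Apply           = $false              # set to $true to actually change the VPN profile

foreach ($prefix in Get-UncoveredSubnet $AssignedAddress $RemoteSubnets) {
    if ($Apply) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    } else {
        "Would add route $prefix to '$ConnectionName'"
    }
}
```

With an assigned address in 10.0.0.0/8 the class-based route is a /8 and typically covers every internal subnet, which is why sites numbered out of 192.168.0.0/16 are the ones that need the extra routes.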