IKEv2 split-include not working

After the latest Windows updates, split-include is not working; routes are not pushed anymore. Any workarounds?

What update?

[Attached screenshots: 2022-01-31_22-20-58.png, 2022-01-31_22-21-19.png, 2022-01-31_22-10-49.png]

I have this problem on a few computers. I removed all January updates and this is not solved; still digging. I really thought it was from the latest Windows Updates.

The problem was in the Windows Firewall: a colleague removed “Core Networking - Dynamic Host Configuration Protocol (DHCP-In)”. After adding it back, all is working.

Sorry for misleading.

I’ve got a similar problem with tunnel splitting: Windows always adds a new default route even if it is not listed in the split network policy. I see this problem even in your screenshots: there is a new 0.0.0.0 route, but there is no such route in the split network policy. That is a problem for me if I would like to give the VPN client access only to certain networks. The only option at the moment is to disable adding the default route in the VPN settings in Windows, but it is not very convenient. And there are no options to disable the default route in strongSwan on Android, because it is waiting to get routes from the VPN server. There are probably some issues with pushing the routes, or I am missing something.

Known limitations
Windows will always ignore networks received by split-include and request policy with destination 0.0.0.0/0 (TSr). When IPsec-SA is generated, Windows requests DHCP option 249 to which RouterOS will respond with configured split-include networks automatically.

Moreover, strongSwan has a split tunneling section under the advanced settings.

[Attached screenshot: android_ipsec_strongswan_en_img13 copy.png]