Problem with L2TP+IPsec connection gateway (remote users)

Hello,
An L2TP+IPsec connection is established on the MikroTik router. There are two devices: one is a router (the configuration can be seen in the picture), the other is a managed MikroTik configured as a switch. Everything works fine, but only when the Windows “use default gateway” option is used when connecting. If we remove it, then when connecting from the VPN there is no possibility to access internal computers.
Maybe I made a mistake somewhere or didn’t specify something extra. Route? Or something else? I tried many options, nothing helps.
If necessary, I can also copy the configuration.
mik.jpg

Windows uses a specific method to obtain a route list from the VPN server: it sends a DHCPINFORM request asking for Option 249, which is a route list. The only VPN type where RouterOS responds to this request is bare IKEv2 (and to make things worse, I have recently come across a case where a particular Windows machine would not send it no matter what).

One possibility is to use the “allow addition of class-based route” if the address assigned to the L2TP client fits into the only LAN subnet (which requires activation of proxy-arp on the RouterOS side) or if all the LAN subnets fit into the same A or B class (10.0.0.0/8 or 172.(16-31).0.0/12). For this, the GUI is still sufficient (Network Adaptor Details, so may not be the case in Win 11). If that does not satisfy your use case, you can manually set up a route list for a VPN connection, but that requires PowerShell (or enough bravery/desperation to modify the rasphone.pbk file manually).
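
The manual route list mentioned in the answer above, as an added example that is not part of the original thread. The profile name and LAN prefixes are assumptions; replace them with the name of the Windows VPN connection and the subnets behind the router.

```powershell
# Added example: per-connection route list for a Windows L2TP/IPsec profile,
# so internal subnets stay reachable without "use default gateway".
# Assumptions (not from the thread): the profile name and prefixes below.
$ConnectionName = 'Office-L2TP'                             # hypothetical profile name
$LanPrefixes    = @('192.168.88.0/24', '192.168.89.0/24')   # constructed sample subnets

# Fail early if the profile does not exist. For a profile created for all
# users, add -AllUserConnection to every VPN cmdlet in this script.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Split tunneling is the PowerShell counterpart of unticking
# "Use default gateway on remote network": only listed prefixes use the tunnel.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Add only the prefixes that are not already stored on the profile,
# so the script can be re-run without errors.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $LanPrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Show what the profile will install on the next connect.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }
```

The routes are installed when the connection is next dialed; `Get-NetRoute -InterfaceAlias $ConnectionName` lists them while the tunnel is up.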

Thank you very much for the answer!