rubl3v
just joined
Topic Author
Posts: 3
Joined: Fri Sep 10, 2021 11:43 am

Windows 7 Ikev2 Split Include

Tue Nov 16, 2021 8:00 am

I set up an IKEv2 server on MikroTik. All clients connect without problems, but the transfer of routes to Windows 7 does not work. Has anyone faced this problem? Can it be made to work?
 
ConnyMercier
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: Windows 7 Ikev2 Split Include

Wed Nov 17, 2021 12:10 am

Q1. Do you use Windows VPN-Client or a 3rd-Party software to connect via Ikev2?
Q2. How do you know the Routes are not working? (Windows CLI : route print)?
Q3. Can you please POST your config ? (/export hide-sensitive file=anynameyouwish)
 
rubl3v
just joined
Topic Author
Posts: 3
Joined: Fri Sep 10, 2021 11:43 am

Re: Windows 7 Ikev2 Split Include

Tue Nov 23, 2021 4:49 am

Q1. Do you use Windows VPN-Client or a 3rd-Party software to connect via Ikev2?
Q2. How do you know the Routes are not working? (Windows CLI : route print)?
Q3. Can you please POST your config ? (/export hide-sensitive file=anynameyouwish)
1. VPN is installed by standard Windows.
2. I attach a Screen
3. Took everything about Ipsec
/ip ipsec policy group
add name=IKEv2-group
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=\
    aes-256,aes-192,aes-128,3des name=IKEv2-profile-ph1
/ip ipsec peer
add exchange-mode=ike2 name=vpn.it-russia.com passive=yes profile=\
    IKEv2-profile-ph1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=\
    aes-256-cbc,aes-256-ctr,aes-128-cbc,3des lifetime=1d
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr\
    ,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm,3\
    des" name=IKEv2-proposal-ph2 pfs-group=none
/ip ipsec mode-config
add address-pool=VPN-ike-pool address-prefix-length=32 name=client split-dns=\
    its.local split-include=10.1.84.0/24,172.16.0.0/24,172.16.253.0/24 \
    static-dns=10.1.84.5,172.16.0.10 system-dns=no
/ip ipsec identity
add auth-method=eap-radius certificate=vpn2.it-russia.com generate-policy=\
    port-strict mode-config=client peer=vpn.it-russia.com \
    policy-template-group=IKEv2-group
/ip ipsec policy
set 0 disabled=yes
add comment="IPSec policy for vpn pool" dst-address=192.168.137.0/24 group=\
    IKEv2-group proposal=IKEv2-proposal-ph2 src-address=0.0.0.0/0 template=\
    yes
add comment="Policy to IPSec clients from ALL" disabled=yes dst-address=\
    192.168.137.0/24 peer=ipip-cod-vr-cn proposal=IKEv2-proposal-ph2 \
    src-address=0.0.0.0/0 tunnel=yes
/ip ipsec settings
set xauth-use-radius=yes

Windows 10 works seamlessly.
I also noticed that when I connect to Peers on Mikrotik Src, I see my internal local subnet and not 0.0.0.0/0. There is a Screen
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Windows 7 Ikev2 Split Include

Tue Nov 23, 2021 6:58 am

Windows 7 does not support the Split Include option.
You have to add persistent routes manually.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Windows 7 Ikev2 Split Include

Tue Nov 23, 2021 7:40 am

I think any Windows doesn't support the Split Include option.
For Windows I'm using OpenVPN, which allows you to do that.
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Windows 7 Ikev2 Split Include

Tue Nov 23, 2021 8:11 am

No, as stated, Windows 7 does not support IKEv2 split include. The rest of them work fine (newer than Windows 7).
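
Added example, not part of any post in this thread: a Python script that reads the split-include list out of a RouterOS export like the one posted above and builds the matching `route -p add` commands for the Windows 7 client, which is the manual step described in the replies. The function names are hypothetical, and the gateway `192.0.2.1` is a documentation address standing in for the real next hop through the VPN adapter (an assumption; the thread does not give one).

```python
import ipaddress
import re

# Constructed sample: the mode-config entry from the posted config, with the
# backslash line continuations that /export produces.
EXPORT = r"""
/ip ipsec mode-config
add address-pool=VPN-ike-pool address-prefix-length=32 name=client split-dns=\
    its.local split-include=10.1.84.0/24,172.16.0.0/24,172.16.253.0/24 \
    static-dns=10.1.84.5,172.16.0.10 system-dns=no
"""

def join_continuations(text):
    """Undo the export's line wrapping: a trailing backslash joins the next line."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)

def split_include_prefixes(export_text):
    """Return the split-include networks of every mode-config entry."""
    prefixes, section = [], None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # remember which menu the following 'add' lines belong to
        elif section == "/ip ipsec mode-config" and line.startswith("add "):
            m = re.search(r'\bsplit-include=("?)([^"\s]+)\1', line)
            if m:
                for p in m.group(2).split(","):
                    # strict=True rejects prefixes with host bits set (typos)
                    prefixes.append(ipaddress.ip_network(p, strict=True))
    return prefixes

def windows_route_commands(export_text, gateway):
    """Build one 'route -p add' line per IPv4 split-include network."""
    ipaddress.ip_address(gateway)  # fail early on a malformed next hop
    return [
        f"route -p add {n.network_address} mask {n.netmask} {gateway}"
        for n in split_include_prefixes(export_text)
        if n.version == 4  # the 'mask' form of route.exe is IPv4 only
    ]

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder; substitute the next hop valid on the client.
    for cmd in windows_route_commands(EXPORT, "192.0.2.1"):
        print(cmd)
```

The generated commands are meant to be run from an elevated command prompt on the Windows 7 client; `route print` then shows whether the three networks are present.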
