"Use default gateway on remote network" does not work for IPv6 in RAS VPN connections

    Question

  • We have Win 7 and 8.1 clients connecting to a Windows Server 2012 R2 RAS.

    When connecting to the VPN the clients get both an IPv4 and IPv6 address.

    For the IPv4 part the VPN client profile setting "Use default gateway on remote network" determines if all traffic is routed over the VPN or if split tunneling/horizon is used.

    For IPv6 this does not work as expected. The client profile setting mentioned above has no noticeable effect at all. Instead the RAS server setting “Enable default route advertisement” on the IPv6 tab on the server properties in the “Routing and Remote Access” console determines (somehow) the behavior.

    If not set, the only route created is to the IPv6 subnet used for the VPN clients. That means that the only machines that can be reached are the RAS server and other VPN clients. On Windows 8 ff. additional routes can be added to the VPN client profile using “Add-VpnConnectionRoute”, which allows creating a split horizon.

    If “Enable default route advertisement” is set on the RAS server, a default route gets created on the client no matter what "Use default gateway on remote network" in the VPN client profile says. If the client has a native IPv6 connection itself, things get even better. Having 2 default routes now, both with the same RouteMetric of 256, packets get sent to the VPN or local network randomly.

    As we would like to have some clients sending all traffic over the VPN and other clients using split horizon, this is quite a mess.

    I sincerely hope that this is only due to a lack of understanding of the proper configuration on my side and that someone can point me in the right direction to resolve that issue.

    Tuesday, April 01, 2014 2:54 PM
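
An added example, not part of the original post: a read-only client-side audit that lists the IPv6 default routes and flags the situation described above, where a VPN and a native default route compete with the same metric. It assumes a hypothetical connection name `CorpVPN`, that the VPN interface alias equals the connection name, and a client with the NetTCPIP cmdlets (Windows 8 / Server 2012 or later, so not the Windows 7 clients).

```powershell
# Added example: audit IPv6 default routes on a VPN client while the VPN is connected.
# Assumption: 'CorpVPN' is a hypothetical connection name; the RAS interface alias matches it.
$vpnName = 'CorpVPN'

# Every IPv6 default route (::/0) currently in the routing table.
$defaults = @(Get-NetRoute -AddressFamily IPv6 -DestinationPrefix '::/0' -ErrorAction SilentlyContinue)

$report = foreach ($r in $defaults) {
    $if = Get-NetIPInterface -InterfaceIndex $r.ifIndex -AddressFamily IPv6
    [pscustomobject]@{
        InterfaceAlias  = $r.InterfaceAlias
        NextHop         = $r.NextHop
        RouteMetric     = $r.RouteMetric
        InterfaceMetric = $if.InterfaceMetric
        # Windows ranks routes by route metric plus interface metric.
        EffectiveMetric = $r.RouteMetric + $if.InterfaceMetric
        IsVpn           = ($r.InterfaceAlias -eq $vpnName)
    }
}
$report | Sort-Object EffectiveMetric | Format-Table -AutoSize

$vpn   = @($report | Where-Object { $_.IsVpn })
$other = @($report | Where-Object { -not $_.IsVpn })

if ($vpn.Count -eq 0) {
    # Matches "Enable default route advertisement" being off on the RAS server.
    Write-Warning "No IPv6 default route via '$vpnName': IPv6 traffic outside the VPN subnet bypasses the tunnel."
}
elseif ($other.Count -gt 0) {
    $bestVpn   = ($vpn   | Measure-Object -Property EffectiveMetric -Minimum).Minimum
    $bestOther = ($other | Measure-Object -Property EffectiveMetric -Minimum).Minimum
    if ($bestVpn -eq $bestOther) {
        Write-Warning "VPN and native IPv6 default routes tie at metric $bestVpn; the path taken is ambiguous."
    }
    elseif ($bestOther -lt $bestVpn) {
        Write-Warning "Native IPv6 default route (metric $bestOther) is preferred over the VPN route (metric $bestVpn)."
    }
    else {
        Write-Output "VPN default route (metric $bestVpn) is preferred over the native route (metric $bestOther)."
    }
}
else {
    Write-Output "Only the VPN provides an IPv6 default route."
}

# Split-horizon route added to the profile, as mentioned in the post.
# The prefix is a constructed documentation prefix, not a value from the post.
# Add-VpnConnectionRoute -ConnectionName $vpnName -DestinationPrefix '2001:db8:10::/48'
```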