Forum Discussion
Big-IP Edge Client / Windows 10 1809 - No internet connection with connected VPN
Hi everybody
I've updated my computer to Windows 10 Build 1809:
After a successful connection with Big-IP Edge Client VPN the internet connection is broken. Ping to Google DNS servers with connected VPN:
We have configured Network Access with "split tunneling". The very same VPN worked perfectly with the previous build of Windows 10 (1803).
Version of VPN client: 7160,2018,417,2013
Has anyone run into the same problem?
Thank you, John
The latest windows update for Windows 10 1809 January 22, 2019—KB4476976 (OS Build 17763.292) seems to fix the issue!
- jone14_166962 (Altocumulus)
I just tested with the latest version of the Big IP Edge client (7171.2018.808.2011). Same behavior, it doesn't work either.
- NasimMalik_3304 (Nimbostratus)
Yes, SSL F5 VPN doesn't work on a Windows 10 1809 machine. Logged a call with F5 support and they advised the below:
"At the moment the reported issue is escalated to our Product Development team. New software defect ID745498 with a title "[Windows RS5]OS doesn't using default route 0.0.0.0/0.0.0.0 if config with split tunnel" was created to track that issue."
Tested on one Windows 1809 machine and it seems to be working.
route -p add 0.0.0.0 mask 128.0.0.0 <default gateway>
route -p add 128.0.0.0 mask 128.0.0.0 <default gateway>
However, this is not the fix, but the workaround while the issue is being analyzed by F5 product developers.
- jone14_166962 (Altocumulus)
Thank you for the useful information! I hope we will get a fix soon.
- Chris_T_373828 (Nimbostratus)
I encountered a similar issue today after receiving the 1809 update yesterday. I have no Internet access when the VPN is connected. I haven't found a workaround.
Any workaround is appreciated.
- Chris_T_373828 (Nimbostratus)
There's a Knowledge Center article describing this issue and a workaround. As an end user I don't have the configuration utility that is mentioned.
https://support.f5.com/csp/article/K18448121
- Toby_Garcia_146 (Altostratus)
If you're an administrator on the device, you may be able to add a static route to force traffic through the tunnel. But that won't work if the access policy is set up to drop the connection if the routing table changes.
In that case, your APM admin must update the policy with the workaround.
- Portallion_1480 (Nimbostratus)
NasimMalik, did you say you have found a workaround for this? Your comment suggests as much, but there is no info on what you did.
- Toby_Garcia_146 (Altostratus)
Looks like a known issue article has been published. Per the article, the workaround is to force all traffic through the tunnel (i.e. disable split tunnel).
https://support.f5.com/csp/article/K18448121
- NasimMalik_3304 (Nimbostratus)
Hi Chris,
Please see below the latest update from F5 support.
Hello Nasim.
Thank you for an update. Yes, the workaround should work.
I don't have right now much info about the bug details and when the permanent fix is ready. Currently, I'd recommend not moving other machines which normally use SSL VPN to release 1809 until the fix is ready. For those machines which have been already moved to 1809, you can use the mentioned workaround.
1803 (RS4) version shouldn't be affected by the mentioned bug but you can double-check.
Windows 10 version history https://en.wikipedia.org/wiki/Windows_10_version_history
I propose the following -> you will fully test the workaround and update me; from my end I will monitor the bug related updates (it is being handled with high priority by our product developers) and when I have something I will let you know.
I haven't tested it on the Windows 1803 version, and it looks to me like a temporary fix that is hard to implement on a large scale.
- NasimMalik_3304 (Nimbostratus)
Hi,
Sorry to mention the whole process of this temporary workaround.
Here you go.
On each affected PC split the default gateway into two routes:
Step 1: delete 0.0.0.0/0.
Step 2: add 0.0.0.0/1 and 128.0.0.0/1. I applied the commands below.
route -p add 0.0.0.0 mask 128.0.0.0 <IP address of your default gateway>
route -p add 128.0.0.0 mask 128.0.0.0 <IP address of your default gateway>
I hope this temporary workaround can fix the issue. Thanks
- Chris_T_373828 (Nimbostratus)
Below are workaround instructions that worked for me as an end user. This is not intended as a central workaround for a multi-user deployment.
1. Start cmd as administrator. One way to do this is:
win+r cmd ctrl+shift+enter
2. Find the Gateway IP address for your Internet connection using the route print command in the administrator command prompt. You'll find it in the first entry in the IPv4 Route Table where Network Destination is 0.0.0.0 and the Netmask is 0.0.0.0. You will use the Gateway IP address in the next step. The following step assumes that the Gateway IP address is 192.168.1.1
route print
3. Enter the following commands to route Internet traffic through your Internet connection's gateway. Use your gateway's IP address for the last address in the following commands. The first two commands make certain that the appropriate entries exist and may generate a benign error message.
route add 0.0.0.0 mask 128.0.0.0 192.168.1.1
route add 128.0.0.0 mask 128.0.0.0 192.168.1.1
route change 0.0.0.0 mask 128.0.0.0 192.168.1.1
route change 128.0.0.0 mask 128.0.0.0 192.168.1.1
rem hit enter to make certain that the prior command is executed
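Why the two /1 routes in the posts above can stand in for the 0.0.0.0/0 default route, as an added example that is not part of the original posts: together they cover all of IPv4, and under longest-prefix match any more specific split-tunnel route still wins. The route table, the metrics and the 10.0.0.0/8 VPN route are constructed sample values; only 192.168.1.1 comes from the post.

```python
import ipaddress

# Constructed routing table for a split-tunnel client (sample assumptions):
# 192.168.1.1 is the LAN gateway used in the post above; 10.0.0.0/8 stands
# in for a corporate network that the VPN routes into the tunnel.
ROUTES = [
    # (destination prefix, next hop, metric)
    ("0.0.0.0/0",   "192.168.1.1", 25),  # original default route
    ("0.0.0.0/1",   "192.168.1.1", 26),  # workaround route, lower half
    ("128.0.0.0/1", "192.168.1.1", 26),  # workaround route, upper half
    ("10.0.0.0/8",  "vpn-tunnel",  1),   # split-tunnel route (hypothetical)
]


def lookup(dest, routes=ROUTES):
    """Return the (prefix, next_hop) chosen by longest-prefix match.

    The most specific matching prefix wins; the metric only breaks ties
    between routes of equal prefix length. Returns None if nothing matches.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(prefix), hop, metric)
        for prefix, hop, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    net, hop, _ = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(net), hop


def covers_all_ipv4(prefixes):
    """True if the given prefixes together span the whole IPv4 space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    merged = list(ipaddress.collapse_addresses(nets))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    for dest in ("8.8.8.8", "203.0.113.10", "10.1.2.3"):
        print(dest, "->", lookup(dest))
    print("halves cover everything:",
          covers_all_ipv4(["0.0.0.0/1", "128.0.0.0/1"]))
```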
- NasimMalik_3304 (Nimbostratus)
Hi Chris,
Great, but could we apply this workaround at a large scale (I mean an organisation that has more than 100 sites, where each site has its own default gateway)?
Secondly, if just BECAUSE OF THIS FEATURE UPDATE we force all traffic through the tunnel (Internet and corporate), then 1. we are not using the F5 split tunnel feature; 2. before enabling it, do we need to know which F5 model is able to handle all the traffic?
- Chris_T_373828 (Nimbostratus)
This workaround is for an end client and is not for a multi-user deployment. I just needed it to work for me. I'm not an administrator and not able to recommend a workaround for a multi-user environment.
- a_basharat (Nimbostratus)
Hi all, Is this something we could cure using a different version of APM [i.e 13.1.1 or v.14]?? I am on version 13.1.0.3
- jone14_166962 (Altocumulus)
Update: F5 VPN with split tunneling is working again with Windows 10 Insider Preview 18272.1000.
I think there is a good chance that Microsoft will include this fix in the next official cumulative update.
- a_basharat_2591 (Nimbostratus)
We have some users on Windows build 1809 who are experiencing issues, as they can't get to the Internet while on the F5 VPN. On our APM policy, routing changes while on the VPN are not allowed and drop the connection. So if we cannot change the routing table on the desktop as a workaround, can Windows 10 be upgraded or downgraded to a newer or older version away from the 1809 build? How easy or difficult is this?