Forum Discussion
Big-IP Edge Client / Windows 10 1809 - No internet connection with connected VPN
Hi everybody
I've updated my computer to Windows 10 Build 1809:
After a successful connection with Big-IP Edge Client VPN the internet connection is broken. Ping to Google DNS servers with connected VPN:
We have configured Network Access with "split tunneling". The very same VPN worked perfectly with the previous build of Windows 10 (1803).
Version of VPN client: 7160,2018,417,2013
Has anyone run into the same problem?
Thank you, John
The latest windows update for Windows 10 1809 January 22, 2019—KB4476976 (OS Build 17763.292) seems to fix the issue!
- rapopd_378474Nimbostratus
Latest update from my IT department is that this is an INTENTIONAL change to security by Microsoft. Split tunneling is no longer being supported by our IT due to need for increased security. So, until things change, our IT department is no longer allowing VPN and internet browsing at the same time unless you log into a remote desktop connection!! Does anyone know if this is likely to change with new updates?
- rapopd_378474Nimbostratus
We need input from F5. Does anyone know how to contact them for their take on the issue? My IT department says it is a feature of Windows 10 that is preventing them from implementing split tunneling without blocking internet access on a VPN due to security concerns. I find this hard to live with.
- MTjerneld_37964Nimbostratus
We also tried the F5 Access UWP app, which adds a VPN Provider to Windows 10. However, it does not seem to support OTP-tokens (we use SMS), so it just returns "wrong username/password". Can someone verify whether OTP/MFA is unsupported with F5 Access or if we need to adjust something to get it working?
bit of an off topic question, but looking at the documentation: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/related/f5-access-config-note-win10-1-2.html
it only supports client certificates as second factor.
- Rammnz_262492Nimbostratus
I installed the F5 Access app from the Microsoft Store in Windows 10, configured the VPN connection and this issue hasn't occurred. The concerned user is able to access all the applications through the VPN tunnel and also the internet.
- rapopd_378474Nimbostratus
Same problem. Cannot be on VPN without losing internet connections due to split tunnel set by my admins. I am not an admin so cannot change the settings to route all traffic as suggested above. Microsoft is not able to help me, and in fact does not admit to knowing about the problem!! Any suggestions as to how to contact F5?
- rapopd_378474Nimbostratus
December cumulative update applied today (now Windows lists Version as 10.0.17763 Build 17763). No improvement - still cannot access internet when VPN is enabled. Any suggestions?
- rapopd_378474Nimbostratus
At present, the link describes the problem (Nov 14) but the suggested workaround is to force all tunneling to one channel. This is not an option for my organization, so there is no present workaround. And Microsoft support denies knowing about the problem when I called them to find out if there was any progress! So I guess the only solution is to patiently suffer and wait for them to issue a release that miraculously makes the problem go away.
- jone14_166962Altocumulus
Hi rapopd,
The problem is known by Microsoft. See https://support.microsoft.com/en-us/help/4464619/windows-10-update-history. This article says that Microsoft is working on a resolution and will provide an update in an upcoming release.
So hopefully it will be fixed in the December cumulative updates (coming next week).
- a_basharat_2591Nimbostratus
We have some users on Windows build 1809 who are experiencing issues, as they can't go to the internet while on the F5 VPN. On our APM policy, routing changes while on the VPN are not allowed and drop the connection. So if we cannot change the routing table on the desktop as a workaround, can Windows 10 be upgraded or downgraded to a newer or older version far from the 1809 build? How easy or difficult is this?
- jone14_166962Altocumulus
Update: F5 VPN with split tunneling is working again with Windows 10 Insider Preview 18272.1000.
I think there is a good chance that Microsoft will include this fix in the next official cumulative update.
- a_basharatNimbostratus
Hi all, Is this something we could cure using a different version of APM [i.e 13.1.1 or v.14]?? I am on version 13.1.0.3
- Chris_T_373828Nimbostratus
Below are workaround instructions that worked for me as an end user. This is not intended as a central workaround for a multi-user deployment.
- Start cmd as administrator. One way to do this is:
  win+r
  cmd
  ctrl+shift+enter
- Find the Gateway IP address for your Internet connection using the route print command in the administrator command prompt. You'll find it in the first entry in the IPv4 Route Table where Network Destination is 0.0.0.0 and the Netmask is 0.0.0.0. You will use the Gateway IP address in the next step. The following step assumes that the Gateway IP address is 192.168.1.1
  route print
- Enter the following commands to route Internet traffic through your Internet connection's gateway. Use your gateway's IP address for the last address in the following commands. The first two commands make certain that the appropriate entries exist and may generate a benign error message.
  route add 0.0.0.0 mask 128.0.0.0 192.168.1.1
  route add 128.0.0.0 mask 128.0.0.0 192.168.1.1
  route change 0.0.0.0 mask 128.0.0.0 192.168.1.1
  route change 128.0.0.0 mask 128.0.0.0 192.168.1.1
  rem hit enter to make certain that the prior command is executed
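Added example (not part of the post above): the two /1 routes take effect while a 0.0.0.0/0 route is still present because route selection prefers the longest matching prefix before it compares metrics. The sketch below parses a constructed `route print` excerpt, resolves sample destinations, and lists any /1 split-default routes so they can be spotted during an audit. All addresses, including 10.10.0.1 as the VPN gateway, are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    metric: int

# Constructed sample of the IPv4 Route Table after the workaround; the
# addresses are illustrative (10.10.0.1 stands in for the VPN gateway).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.0.1      10.10.0.25       1
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
          0.0.0.0        128.0.0.0      192.168.1.1    192.168.1.50      26
        128.0.0.0        128.0.0.0      192.168.1.1    192.168.1.50      26
         10.0.0.0        255.0.0.0        10.10.0.1      10.10.0.25       1
      192.168.1.0    255.255.255.0          On-link    192.168.1.50     281
"""

def parse_routes(text: str) -> list[Route]:
    """Turn 'destination netmask gateway interface metric' rows into Routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or blank line
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append(Route(network, fields[2], metric))
    return routes

def best_route(routes: list[Route], dst: str):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric), default=None)

def split_default_overrides(routes: list[Route]) -> list[Route]:
    """Routes for 0.0.0.0/1 or 128.0.0.0/1, which together shadow 0.0.0.0/0."""
    return [r for r in routes if r.network.prefixlen == 1]

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dst in ("8.8.8.8", "200.1.1.1", "10.1.2.3"):
        print(dst, "->", best_route(table, dst))
    print("split-default routes:", split_default_overrides(table))
```

In this sample, traffic for 10.0.0.0/8 still follows the more specific tunnel route, while everything else leaves via 192.168.1.1 despite that route's higher metric.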
- Chris_T_373828Nimbostratus
This workaround is for an end client and is not for a multi-user deployment. I just needed it to work for me. I'm not an administrator and not able to recommend a workaround for a multi-user environment.
- NasimMalik_3304Nimbostratus
Hi Chris,
Great, but could we apply this workaround at large scale (I mean to say an organisation that has more than 100 sites, where each site has its own default gateway)?
- Secondly, if just BECAUSE OF THIS FEATURE UPDATE we force all traffic to the tunnel (internet and corporate) then 1. we are not using the F5 split tunnel feature 2. before enabling it, do we need to know which F5 model is able to handle all the traffic?
- NasimMalik_3304Nimbostratus
Hi,
Sorry to mention the whole process of this temporary work around.
Here you go.
On each affected PC split the default gateway for two routes:
Step : 1 delete 0.0.0.0/0,
Step: 2 ( add 0.0.0.0/1 and 128.0.0.0/1) I applied below command.
route -p add 0.0.0.0 mask 128.0.0.0 (IP address of your default gateway)
route -p add 128.0.0.0 mask 128.0.0.0 (IP address of your default gateway)
I hope, this temporary workaround can fix the issue. Thanks
- NasimMalik_3304Nimbostratus
Hi Chris,
Please see below the latest update from F5 support.
Hello Nasim.
Thank you for an update. Yes, the workaround should work.
I don't have right now much info about the bug details and when the permanent fix is ready. Currently, I'd recommend not moving other machines which normally use SSL VPN to release 1809 until the fix is ready. For those machines which have been already moved to 1809, you can use the mentioned workaround.
1803 (RS4) version shouldn't be affected by the mentioned bug but you can double-check.
Windows 10 version history https://en.wikipedia.org/wiki/Windows_10_version_history
I propose the following -> you will fully test the workaround and update me; from my end I will monitor the bug related updates (it is being handled with high priority by our product developers) and when I have something I will let you know.
I haven't tested it to windows 1803 version and as it looks to me as temporary fix and hard to implement on large scale.