I've updated my computer to Windows 10 Build 1809:
After a successfull connection with Big-IP Edge Client VPN the internet connection is broken. Ping to Google DNS servers with connected VPN:
We have configured Network Access with "split tunneling". The very same VPN worked perfectly with the previous build of Windows 10 (1803).
Version of VPN client: 7160,2018,417,2013
Does anyone run into the same problem?
Thank you, John
I just tested with the latest version of the Big IP Edge client (7171.2018.808.2011). Same behavior, it doesn't work either.
The latest windows update for Windows 10 1809 January 22, 2019—KB4476976 (OS Build 17763.292) seems to fix the issue!
I can also confirm that installing this patch has resolved the issue.
Confirmed as well.
NasimMalik, did you say you have found a workaround for this? Your comment suggests as much, but there is no info on what you did.
Looks like a known issue article has been published. Per the article, the workaround is to force all traffic through the tunnel (i.e. disable split tunnel).
Below are workaround instructions that worked for me as an end user. This is not intended as central workaround a for a multi-user deployment.
Start cmd as administrator. One way to do this is
Find the Gateway ip address for your Internet connection using the route print command in the administrator command prompt. You'll find it in the first entry in the IPv4 Route Table where Network Destination is 0.0.0.0 and the Netmask is 0.0.0.0. You will use the Gateway ip address in the next step. The following step assumes that the Gateway ip address is 192.168.1.1
Enter the following commands to route Internet traffic through your Internet connection's gateway. Use your gateway's IP address for the last address in the following commands. The first two commands make certain that the appropriate entries exist and may generate a benign error message.
route add 0.0.0.0 mask 22.214.171.124 192.168.1.1
route add 126.96.36.199 mask 188.8.131.52 192.168.1.1
route change 0.0.0.0 mask 184.108.40.206 192.168.1.1
route change 220.127.116.11 mask 18.104.22.168 192.168.1.1
rem hit enter to make certain that the prior command is executed
Great, but could we apply this workaround to large scale (I mean to say a organisation who has more than 100 sites and each site has own default gateway) ?
This workaround is for an end client and is not for a multi-user deployment. I just needed it to work for me. I'm not an administrator and not able to recommend a workaround for a multi-user environment.
Update: F5 VPN with split tunnling is working again with Windows 10 Insider Preview 18272.1000.
I think there is a good chance that Microsoft will include this fix in the next official cumulative update.
Confirming that Win10 Version 1809 (OS Build 17763.292) resolved issue for us.
Update with build 17763.292 seems to do the trick. At last! No other problems noted yet.
Yes, SSL F5 VPN doesn't work on Window 10 1809 machine.Logged a call with F5 support and they advised below
'' At the moment the reported issue is escalated to our Product Development team. New software defect ID745498 with a title "[Windows RS5]OS doesn't using default route 0.0.0.0/0.0.0.0 if config with split tunnel" was created to track that issue. ''
Tested on one of window machine 1809 and it seems working.
Route print -p 0.0.0.0 netmask 22.214.171.124 default gateway
Route print -p 126.96.36.199 netmask 188.8.131.52 default gateway
But ,This is not the fix, but the workaround while the issue is being analyzed by F5 product developers.
Thank you for the useful information! I hope, we will get a fix soon..
I encountered a similar issue today after receiving the 1809 update yesterday. I have no Internet access when the VPN is connected. I haven't found a workaround.
Any workaround is appreciated.
There's a Knowledge Center article describing this issue and a workaround. As an end user I don't have the configuration utility that is mentioned.
If you're an administrator on the device, you may be able to update add a static route to force traffic through the tunnel. But that won't work if the access policy is setup to drop the connection if the routing table changes.
In that case, your APM admin must update the policy with the workaround.
Please see below the latest update from F5 support.
Thank you for an update. Yes, the workaround should work.
I don't have right now much info about the bug details and when the permanent fix is ready. Currently, I'd recommend not moving other machines which normally use SSL VPN to release 1809 until the fix is ready. For those machines which have been already moved to 1809, you can use the mentioned workaround.
1803 (RS4) version shouldn't be affected by the mentioned bug but you can double-check.
Windows 10 version history
I propose the following -> you will fully test the workaround and update me; from my end I will monitor the bug related updates (it is being handled with high priority by our product developers) and when I have something I will let you know.
I haven't tested it to windows 1803 version and as it looks to me as temporary fix and hard to implement on large scale.
Sorry to mention the whole process of this temporary work around.
Here you go.
On each affected PC split the default gateway for two routes:
Step : 1
Step: 2 ( add 0.0.0.0/1 and 184.108.40.206/1)
I applied below command.
Route print -p 0.0.0.0 netmask 220.127.116.11 default gateway (Ip address of your default gateway)
Route print -p 18.104.22.168 netmask 22.214.171.124 default gateway(Ip address of your default gateway)
I hope, this temporary workaround can fix the issue. Thanks
Hi all, Is this something we could cure using a different version of APM [i.e 13.1.1 or v.14]?? I am on version 126.96.36.199
We have some users on windows build 1809, and experiencing issues as can't go to the internet while on the F5-VPN. On our APM policy, routing changes while on the VPN are not allowed and drop the connection. So if we can not change the routing table on the desktop as workaround, Can the Windows 10 be upgraded or downgraded to a newer or older version far from 1809 build? How ease or difficult is this?
Same problem. Cannot be on VPN without losing internet connections due to split tunnel set by my admins. I am not an admin so cannot change the settings to rout all traffic as suggested above. Microsoft is not able to help me, and in fact does not admit to knowing about the problem!! Any suggestions as to how to contact f5?
The problem is known by Microsoft. See https://support.microsoft.com/en-us/help/4464619/windows-10-update-history. This article says that Microsoft is working on a resolution and will provide an update in an upcoming release.
So hopefully it will be fixed in the december cumulative updates (coming next week).
At present, the link describes the problem (Nov 14) but the suggested workaround is to force all tunneling to one channel. This is not an option for my organization, so there is no present workaround. And microsoft support denies knowing about the problem when I called them to find out if there was any progress! So I guess the only solution is to patiently suffer an wait for them to issue a release that miraculously makes the problem go away.
December cumulative update applied today (now Windows lists Version as 10.0.17763 Build 17763). No improvement - still cannot access internet when VPN is enabled. Any suggestions?
I installed F5 access app from Microsoft Store in Windows 10, configured the VPN connection and this issue hasn't occured. The concerned user is able to access all the applications through VPN tunnel and also internet.
We also tried the F5 Access UWP app, which adds a VPN Provider to Windows 10. However, it does not seem to support OTP-tokens (we use SMS), so it just returns "wrong username/password". Can someone verify whether OTP/MFA is unsupported with F5 Access or if we need to adjust something to get it working?
bit of an off topic question, but looking at the documentation:
it only supports client certificates as second factor.
Latest update from my IT department is that this is an INTENTIONAL change to security by Microsoft. Split tunneling is no longer being supported by our IT due to need for increased security. So, until things change, our IT department is no longer allowing VPN and internet browsing at the same time unless you log into a remote desktop connection!!
Does any one know if this is likely to change with new updates?
We need input from F5. Does anyone know how to contact them for their take on the issue. My IT department says it is a feature of Windows 10 that is preventing them from implementing split tunneling without blocking internet access on a VPN due to security concerns. I find this hard to live with.
Also Microsoft's January Patchday (KB4480116) seems not to fix the split tunneling issue. I would really love to hear an answer from f5 support other than "this is a Microsoft issue, we cannot help you" ... Is there no way for f5 to implement a working workaround together with Microsoft ? The issue is known for more than 3 months!
Confirming that "January 8, 2019—KB4480116 (OS Build 17763.253)" does not resolve F5 issue. Agree with Tuxerl's sentiment, surprising F5 has not yet worked with MS to discover issue and release fix.
Anyone have updates on this? We are experiencing this issue as well.
Please open a ticket with F5 [everyone], the more tickets the more awareness on the issue. In the meantime, a workout is to switch from split-tunnel to full tunnel which might be not great
Microsoft has fixed this issue in the upcoming Windows 10 19H1 (Redstone 6), roughly scheduled to be released to the public in Mar/Apr 2019.
The current status of Windows 10 Redstone 6 is Build 18317. It was the 19th Insider Preview build of Windows 10 released after RS5 build. It was released on January 16, 2019. This new build arrived via new "19H1" development branch.
That would be bad news. We have instructed all our customers to delay Windows 10 feature updates due to the Big-IP Edge problem. This means that they will receive the Windows 10 1809 build delayed but definitely before the 19H1 release. Microsoft or F5 has to fix this problem for the Windows 10 1809 build as well!
Running Win10 Version 1809 (OS Build 17763.292) here. Still having issues with internet connection after connecting to VPN.
@dineshmike Please open a support case on this to investigate more.
As dineshmike... running Win10 Version 1809 (OS Build 17763.292): dtill having issues with internet connection after connecting to VPN.
wich BIG-IP version are you using?