@RMerlin - Possible Bug/Issue in VPN Server settings.
Using the Asus Router as a VPN Server
VPN Server -> IPSec VPN settings.
Set up the Asus Router as an IKEv2 server, no issues in setting up. I have set up my clients as IKEv2 clients and everything connects fine.
I then realised that I needed to change the allocated IP addresses for my clients, so I select
VPN Details -> Advanced Settings
And I changed the IP address range to 192.168.100.x
Hit apply... All saved successfully.
I then reconnect my clients, the connection goes through successfully, clients connect - however, the new IP address range is not reflected by the clients; they are still on the original range.
Did a bit of digging...
I then checked the ipsec.conf files and it seems that the change of IP address range is only reflected in the ikev1 section. The ikev2 section still reflects the old address range.
I am referring to the line
Hope you are able to replicate the issue with the above details...
Router: ASUS RT-AX88U, running version 386.3, no add-ons, no USB, jffs scripts enabled.
That is because you are only able to adjust the settings for the IPK1; the settings for the IPK2 are set by Instant Guard, which was added by Asus (closed source). @RMerlin
It appears that the line rightsourceip=10.10.10.0/24 is hardcoded for the ikev2 section.
The value of rightsourceip in ikev1 section changes accordingly, but the same value in ikev2 section does not change from 10.10.10.0/24.
Redacted contents of ipsec.conf
conn %default
    keyexchange=ikev1
    authby=secret
    ike=aes256-sha1-modp1024

#Host-to-NET[prof#0]:4>Host-to-Net>null>null>wan>>1>SharedSecretKey>null>null>null>null>null>1>192.168.100>null>1>null>null>0>null>null>null>1>>>eap-md5>1>500>4500>10>1>null>null>null>null><<<<>1
conn Host-to-Net
    keyexchange=ikev1
    left=22.214.171.124
    .......
    .......
    rightsourceip=192.168.100.0/24
    rightdns=192.168.1.1
    .......

#Host-to-NET[prof#1]:4>Host-to-Netv2>null>null>wan>>0>null>null>null>null>null>null>1>10.10.10>null>2>null>null>0>@guru.myddns.me>null>null>0>>>eap-mschapv2>1>500>4500>10>1>null>null>null>null><<<<>1>pubkey>svrCert.pem>always>svrKey.pem>%identity
conn Host-to-Netv2
    keyexchange=ikev2
    left=126.96.36.199
    .......
    [email protected]
    .......
    rightsourceip=10.10.10.0/24
    rightdns=192.168.1.1
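
A way to check for the mismatch reported in this thread, added here as an example and not code from any poster or from the firmware: it parses the conn sections of an ipsec.conf, applies conn %default inheritance, and lists every connection whose rightsourceip differs from the pool set in the GUI. The function names parse_conns and pool_mismatches are hypothetical, and the sample is constructed from the redacted file above with the elided lines left out.

```python
import ipaddress

# Constructed sample modelled on the redacted ipsec.conf in the post above.
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    authby=secret

conn Host-to-Net
    keyexchange=ikev1
    rightsourceip=192.168.100.0/24

conn Host-to-Netv2
    keyexchange=ikev2
    rightsourceip=10.10.10.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' values inherited."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and profile comments
            continue
        if line.startswith("conn "):
            current = sections.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def pool_mismatches(text, expected_pool):
    """List (conn, keyexchange, rightsourceip) where the pool differs from expected."""
    expected = ipaddress.ip_network(expected_pool)
    stale = []
    for name, opts in parse_conns(text).items():
        pool = opts.get("rightsourceip")
        try:
            same = pool is None or ipaddress.ip_network(pool, strict=False) == expected
        except ValueError:   # %dhcp, named pools, comma lists: report for manual review
            same = False
        if not same:
            stale.append((name, opts.get("keyexchange", "?"), pool))
    return stale

if __name__ == "__main__":
    for name, kex, pool in pool_mismatches(SAMPLE_CONF, "192.168.100.0/24"):
        print(f"{name} ({kex}): rightsourceip={pool}, expected 192.168.100.0/24")
```

Running it after each change in Advanced Settings shows whether the ikev2 section picked up the new range before any client reconnects.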