I have an AX86u running Merlin 386.5. It has two WANs on load balance (mostly using Primary, with one device hard-coded to use the secondary). The secondary WAN gets issued a private IP address (but does have onward internet access through NAT etc.).
I am trying to run an IKEv2 VPN server on the router and I only need to connect to it from the Secondary WAN (although both would be a bonus!)
I can connect using Windows 10 to the public IP address of the Primary WAN (or the DDNS hostname). So I have installed the certificate etc. correctly.
Using the same computer using the IP address of the Secondary WAN it doesn't work.
Both show the same behaviour irrespective of whether I am internal to my network or external.
The error in Windows 10 GUI is:
Policy match error
The error I get in the Windows Event Viewer is:
The user xxxxxxxxxxxxxxxxx dialed a connection named Home which has failed. The error code returned on failure is 13868.
The error in the ASUS-Merlin log is:
Mar 20 15:15:59 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 20 15:15:59 05[IKE] no IKE config found for 10.60.164.9...192.168.1.254, sending NO_PROPOSAL_CHOSEN
Mar 20 15:15:59 05[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mar 20 15:15:59 05[NET] sending packet: from [2ndWANIP][500] to [InternalIP][500] (36 bytes)
Mar 20 15:21:32 05[KNL] [2ndWANIP] disappeared from eth0
My theory is that IKEv2 uses certificates and that the certificate is hard-coded to the DDNS domain name which only resolves to the Primary WAN IP address.
Is there any way to add a second server IP address to the certificate file which is created in the IKEv2 setup?
Thanks in advance
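A triage sketch for the router log quoted in the post, added here as an example and not part of the original post or of the Asuswrt-Merlin firmware. It reports which IKEv2 exchange was being processed when the server rejected the request, the address pair it tried to match, and whether any CERT payload had been received by then. It assumes the log is in strongSwan charon format, where the address pair is printed as local...remote; the function name `triage` is hypothetical.

```python
import re

# Log lines copied from the post above (assumed strongSwan charon format).
SAMPLE_LOG = """\
Mar 20 15:15:59 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 20 15:15:59 05[IKE] no IKE config found for 10.60.164.9...192.168.1.254, sending NO_PROPOSAL_CHOSEN
Mar 20 15:15:59 05[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
"""

# "<timestamp> <thread>[<group>] <message>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$")
PARSED = re.compile(r"parsed (?P<exchange>\w+) request \d+ \[ (?P<payloads>.*) \]")
# Assumption: the pair is printed as local...remote (server side first).
NO_CFG = re.compile(r"no IKE config found for (?P<local>\S+?)\.\.\.(?P<remote>[^,\s]+), sending (?P<notify>\w+)")


def triage(log_text):
    """Return one finding per 'no IKE config found' rejection in the log."""
    last_request = {}  # thread id -> (exchange, payload list) of the last parsed request
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        thread, msg = line["thread"], line["msg"]
        parsed = PARSED.search(msg)
        if parsed:
            last_request[thread] = (parsed["exchange"], parsed["payloads"].split())
            continue
        rejected = NO_CFG.search(msg)
        if rejected:
            exchange, payloads = last_request.get(thread, (None, []))
            findings.append({
                "time": line["ts"],
                "exchange": exchange,          # exchange in progress when rejected
                "local": rejected["local"],    # address the request arrived on
                "remote": rejected["remote"],  # address the request came from
                "notify": rejected["notify"],
                # CERT/CERTREQ payloads travel in IKE_AUTH, not IKE_SA_INIT
                "cert_payload_seen": any(p.startswith("CERT") for p in payloads),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
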