As I have been posting previously, I have been trying to get Untangle to play well with a USG exposing multiple subnets over a single tunnel.
Here's the other thread - https://forums.untangle.com/ipsec-vp...angle-usg.html
While I finally got all of the tunnels to pass traffic without having to restart the Untangle IPsec service, it doesn't work the way I'm pretty sure it should.
While on the USG I can create a single "Network" and expose the 192.168.5.0/24 and 192.168.100.0/24 networks to it in a single IKEv2 tunnel, I can't do the same with Untangle for the 192.168.15.0/24 and 192.168.30.0/24 subnets on the USG.
This works on the USG:
USGVPN1.JPG
This doesn't work with Untangle:
UntangleVPN1.JPG
UntangleVPN2.JPG
Instead, in order to get all subnets to be able to communicate, I have to make IKEv2 tunnels for EACH subnet combination that I want to communicate.
Like this (First line description should be Untangle 5 --> USG 15 but I typo-ed):
UntangleVPN3.JPG
I tried multiple combinations of setups before finding out that this works, including using multiple IKEv1 tunnels on the Untangle side as well as on the USG side, and it didn't work.
I don't understand why the IKEv2 tunnels with all subnets included that I was trying in my other thread won't work, but hopefully this helps someone else in the future. I have spent probably 12 hours playing with this over the long weekend now, since I'd like to run Untangle at work, as I really like it over the USG, but we have one office that has to stay on the USG for now.
If someone wants to look into the issues, I can get them into both systems, but as of right now it seems to be a bug of some kind.