I have successfully set up an IKEv2 connection between the two routers. The RUT240 is on 4G with a dynamic address; the Vigor is on a static public IP.
However, I don't have a working route between the two LAN subnets (192.168.100.0 at Draytek and 192.168.210.0 at RUT). I can see an error message in the RUT240 log: unable to install source route.
Mon Oct 19 15:40:43 2020 daemon.info ipsec: 05[CFG] added configuration 'Control'
Mon Oct 19 15:40:43 2020 daemon.info ipsec: 07[CFG] received stroke: initiate 'Control'
Mon Oct 19 15:40:43 2020 daemon.info ipsec: 07[IKE] initiating IKE_SA Control[1] to 87.224.14.189
Mon Oct 19 15:40:44 2020 daemon.notice netifd: ppp (2258): [10-19_15:40:44:907] requestRegistrationState2 MCC: 234, MNC: 10, PS: Attached, DataCap: LTE
Mon Oct 19 15:40:45 2020 local1.info gsmd[1644]: gsmd send: 'AT+COPS?' (9)
Mon Oct 19 15:40:45 2020 local1.info gsmd[1644]: gsmd get: '+COPS: 0,2,"23410",7' (20)
Mon Oct 19 15:40:45 2020 daemon.info ipsec: 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mon Oct 19 15:40:45 2020 daemon.info ipsec: 07[NET] sending packet: from 10.176.1.8[500] to 87.224.14.189[500] (570 bytes)
Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Started fwblock
Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Applying SSH blocks
Mon Oct 19 15:40:45 2020 local1.notice fwblock[17021]: Applying WebUI blocks
Mon Oct 19 15:40:45 2020 daemon.info ipsec: 09[NET] received packet: from 87.224.14.189[500] to 10.176.1.8[500] (357 bytes)
Mon Oct 19 15:40:45 2020 daemon.info ipsec: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(NATD_S_IP) N(NATD_D_IP) ]
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] local host is behind NAT, sending keep alives
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] authentication of 'RDC' (myself) with pre-shared key
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[IKE] establishing CHILD_SA Control{1}
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 09[NET] sending packet: from 10.176.1.8[4500] to 87.224.14.189[4500] (348 bytes)
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[NET] received packet: from 87.224.14.189[4500] to 10.176.1.8[4500] (204 bytes)
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] authentication of 'Control' with pre-shared key successful
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] IKE_SA Control[1] established between 10.176.1.8[RDC]...87.224.14.189[Control]
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] scheduling reauthentication in 27830s
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] maximum IKE_SA lifetime 28370s
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[KNL] received netlink error: Network is unreachable (128)
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[KNL] unable to install source route for 192.168.210.1
Mon Oct 19 15:40:46 2020 daemon.info ipsec: 10[IKE] CHILD_SA Control{1} established with SPIs c6d8212e_i 219ad2b1_o and TS 192.168.210.0/24 === 192.168.100.0/24
Mon Oct 19 15:40:47 2020 user.notice chilli: Stoping chilli.
Mon Oct 19 15:40:47 2020 user.notice chilli: Start
The two subnets are defined in both the routers:
Any ideas?