Does Asus' IPsec implementation allow LAN access?

[Ceejus]

Before anyone asks:
1. I'm already using OpenVPN and Wireguard for LAN Access; this is a question out of curiosity since I am tinkering with IPsec for fun (though if it does allow me to access devices on the LAN, it would be a helpful backup seeing as it's natively implemented into Windows and Android).
2. I'm not installing Merlin or OpenWRT; not only do I not really have a use case for third party firmware yet but even if I did, I'm using a GT-BE98 Pro which AFAIK is so new it doesn't even have third party firmware available. Also, I'm pretty sure those developers haven't bothered with IPsec.

Asus IPsec forces all remote clients into the 10.10.10.0/24 range and there is no option to push the LAN to them like there is with OpenVPN and Wireguard. As far as I can tell, Asus' IPsec implementation is only good for routing remote internet-bound traffic through the router, which would only be useful for security in public areas at best. Is there actually some way to account for this limitation via firewall rules and/or static routes?

 

[bbunge]

Asus Instantguard is an IPsec implementation and I can access LAN clients with it.

 

[aex.perez]

On my AX88 with Merlin 386.6 it does, set it up per support page on ASUS support, use with Win11 laptop (native client), and works as if connected locally via WiFi/wired albeit a little slower

 

[Ceejus]

On my AX88 with Merlin 386.6 it does, set it up per support page on ASUS support, use with Win11 laptop (native client), and works as if connected locally via WiFi/wired albeit a little slower

View attachment 56100

You're able to access other machines in your LAN with regular IPsec? Are you able to remote desktop into a Windows machine on your LAN? If so, how were you able to set this up? The base IPsec config doesn't push the LAN to the remote client.

 

[aex.perez]

I did exactly what's on the support page on the link I shared. I'm using the Win 11 native client but have not tried RDP (over TCP port 3389) but able to access the NAS and shares I have on a desktop.
The instructions I used are here: https://www.asus.com/support/faq/1044190/

Laptop on Win 11 home, so no RDP

 

[VANT]

You're able to access other machines in your LAN with regular IPsec? Are you able to remote desktop into a Windows machine on your LAN? If so, how were you able to set this up? The base IPsec config doesn't push the LAN to the remote client.

i also use ipsec and no problem with access to local devices. In my case ipcams, servers and other

 

[Justinh]

Right. I'm thinking would would be the point of remotely connecting if you couldn't reach LAN devices. Can you even access the Internet?

 

[aex.perez]

Yes, on both Lan devices and Internet, accessing my Nest Cams and thermostats, Amazon Alexa devices, the Samsung TV's (IP Remote control), and appliances (directly via their app), HP via the app, (LPD or over port 9100) printer everything works the same whether I'm on IPSec VPN, Lan or WiFi I don't have to select a network to include or exclude as I do for OpenVPN. IP4 and IP6 work as well.