IPsec IKEv2 routing

Hello.

I am trying to use OpenWRT instead of RouterOS by MikroTik.

I was also reading the OpenWRT manuals and Google was my friend, but unfortunately I was not able to find a solution, or I used the wrong keywords to find it... anyway.

My question is:

OpenWRT (basic installation with strongswan-full) as IKEv2 client:
The config is OK, but when I am using rightsubnet: 0.0.0.0/0 -> not able to connect to LuCI or SSH.
Without rightsubnet, the connection is established, but no traffic goes through the tunnel.

My goal is to route only some traffic through the IKEv2 tunnel, for example only somedomain.com.
All other traffic bypasses the VPN.

Hope you understand my approach and someone can give me some tutorials or the solution.

ipsec.conf:

conn v1
  keyexchange=ikev2
  dpdaction=clear
  dpddelay=300s
  eap_identity=USERNAME
  leftauth=eap-mschapv2
  left=%defaultroute
  leftsourceip=%config
  right=IP_ofVPN_Provider
  rightauth=pubkey
  #rightsubnet=0.0.0.0/0
  rightid=%any
  type=tunnel
  auto=add

strongswan.conf:

# Configuration changes should be made in the included files

charon {
	load_modular = yes
	threads = 16
	dns1 = 192.168.1.1
	nbns1 = 192.168.1.1
	plugins {
		include strongswan.d/charon/*.conf
	}
}

include strongswan.d/*.conf

firewall (all standard, only the following added):

config rule
	option name 'Allow-IPSec-ESP'
	option proto 'esp'
	option target 'ACCEPT'
	option src 'wan'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-NAT-T'
	option src 'wan'
	option dest_port '4500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-AH'
	option src 'wan'
	option proto 'ah'
	option target 'ACCEPT'

config zone
	option name 'vpn'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'IPSec'
	option input 'REJECT'

config forwarding
	option dest 'vpn'
	option src 'lan'

network (only added this):

config interface 'IPSec'
	option ifname 'ipsec'
	option proto 'none'
	option auto '1'
	option delegate '0'

If you need more details please tell me.

Thx in advance!

mali
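
A split-tunnel variant of the `v1` connection above, as an added example that is not part of the original post. IPsec traffic selectors match IP addresses, not domain names, so a domain has to be resolved to an address first. Assumptions: `203.0.113.10` is a constructed placeholder for that address, `192.168.1.0/24` is an assumed LAN subnet (taken from the `dns1` value), and the conn name `lan-bypass` is hypothetical.

```conf
# /etc/ipsec.conf -- added example, not the poster's configuration

# Passthrough (shunt) policy: packets between the LAN and the router
# match this more specific selector and are left outside IPsec
# processing, so a wide tunnel selector on another conn does not
# capture LuCI or SSH sessions from the LAN.
# 192.168.1.0/24 is an assumed LAN subnet.
conn lan-bypass
  leftsubnet=192.168.1.0/24
  rightsubnet=192.168.1.0/24
  type=passthrough
  auto=route

# Same connection as in the post, with one change: the client proposes
# a single destination as remote traffic selector instead of 0.0.0.0/0.
conn v1
  keyexchange=ikev2
  dpdaction=clear
  dpddelay=300s
  eap_identity=USERNAME
  leftauth=eap-mschapv2
  left=%defaultroute
  leftsourceip=%config
  right=IP_ofVPN_Provider
  rightauth=pubkey
  # 203.0.113.10 is a constructed placeholder for the one host that
  # should be reached through the tunnel; all other destinations
  # match no tunnel policy and leave via the normal default route.
  rightsubnet=203.0.113.10/32
  rightid=%any
  type=tunnel
  auto=add
```

Once the tunnel is up, `ipsec statusall` lists the shunted connection and the traffic selectors that were actually negotiated, which shows whether the responder accepted the narrowed selector.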