There is a problem, which was described by fpawlak here
viewtopic.php?p=850891&hilit=IKEV2+dhcp ... 49#p850891
I made test lab and reproduced the problem.
Test 1.
Pre-requisits.
1) Windows 10 client
2) Hap lite as IKEv2 server
3) Server and client in the same local network
4) Filter is empty
5) IKEv2 IPSEC Peer configured local-address on bridge interface
6) Bridge VLAN Filtering is disabled
7) splite-inclide=10.10.10.0/24, 172.24.25.0/24 in mode config
Windows 10 client connected VPN and obtain splite-include networks, sending dhcp inform message (249 option). It's OK.
Test 2.
Pre-requisits.
1) Windows 10 client
2) Hap lite as IKEv2 server
3) Server and client in the same local network
4) Filter is empty
5) IKEv2 IPSEC Peer configured local-address on VLAN interface
6) Bridge Filtering enabled. (In production environment there was switch chip configuration on RB1100AHx2. I detected issue on it before. And behaviour of IKEv2 server the same).
7) splite-inclide=10.10.10.0/24, 172.24.25.0/24 in mode config
Windows 10 client connected VPN and NOT obtain splite-include networks,
It sends dhcp inform message (wireshark confirms that packets sent to server), Mikrotik received packets (log firewall filter confirms that packets reaches router), but IKEv2 server NOT RESPONDS with dhcp ack.
SA established. VPN working, but splite-include networks NOT RECEIVED (!!!)
Test 3.
Pre-requisits.
1) Windows 10 client
2) Hap lite as IKEv2 server
3) Server and client in the same local network
4) Filter is empty
5) IKEv2 IPSEC Peer configured local-address on VLAN interface
6) Bridge Filtering enabled
7) Another bridge is created
VLAN interface added as a port to another bridge9) splite-inclide=10.10.10.0/24, 172.24.25.0/24 in mode config
Windows 10 client connected VPN and obtain splite-include networks, sending dhcp inform message (249 option). It's OK.
So, Is it bug or a feature? )