A tip about "Network configuration for Virtual Address Pool" in IPSec Mobile Clients configuration.
today I finally have a working ipsec ike2 vpn from pfsense 2.3 to my Windows 10, Mint 18 and 19 clients; as someone have seen I have 2 posts about my issue with creating the tunnel with Mint 18 and 19 and now that I have a full functional tunnel I want to share the last thing that I have learned, i.e. the network to assign in Virtual Address Pool.
During the reading of so many other posts and blogs I found one that opened my eyes: when I'm doing my trial I filled the field with a network that I'm not using (in my case 192.168.105.0), because at this link Configuring an IPsec Remote Access Mobile VPN using IKEv2 with EAP-MSCHAPv2 I red "Enter an unused private Network and appropriate subnet mask (such as /24)"; in my mind "not used" was translated in "you have no devices on it"..I have no devices on in but it was defined on my Cisco 3560 as vlan..so when on a blog I red that I have to enter and "undefined" network I understand what was my error, so simply I changed the lan in 192.168.106.0 (not defined anywhere) and the work is done: every device on my 192.168.0.0 lan was reachable.
Hope this can help other people struggling with this issue.