As the title suggests, I got an IKEv2 tunnel working, at least I did with EAP-MSCHAPv2 and Android Strongswan client.  Before I try to get EAP-TLS working, as it hasn't yet, I want to route ALL client traffic through the tunnel – both LAN and internet traffic.  This hasn't worked at all.  I see outbound traffic allowed from the client IP that was assigned from the VPN network pool, but it appears the return traffic isn't coming back.  The key suggestions I've seen in research is to use 0.0.0.0/0 for the local network in the Phase2 tunnel settings and to manually add a NAT rule for the WAN interface with a source of the VPN network (10.10.10.0/24) translated to the interface (WAN) address.  Neither suggestion has fixed the issue (though the former did ensure I wasn't split-tunneling).
Here are the key components of my setup:
WAN IP set by DHCP
DDNS 41314vpn.ddns.net
LAN address:  192.168.10.0\24 VLAN 5 on local interface
GUEST net: 192.168.11.0\24 VLAN 6 on local interface
VPN -> IPSec -> Mobile Clients; Virtual Address Pool = 10.10.10.0/24, DNS Servers = 1.1.1.1
Firewall -> Rules -> IPSec; single rule allowing IPv4* anything to anything on the IPSEC interface
Firewall -> NAT -> Outbound; Hybrid outbound NAT rule generation, added a rule Interface = WAN, Source address=10.10.10.0/24, Translation / target = Interface address.
I can see the connections being let through in Firewall -> Log Files -> Log view however the client does not get any response and and eventually times out.  Someone reported similar behavior in January (he/she was using iOS clients) and I'm leveraging their report here (thanks!). The behavior is the same. In their case, it looks like at least part of the issue may be a bug requiring the WAN interface to be restarted when changes are made to IPSEC.  I'm not sure that's all I'm missing here as I've rebooted and I still have zero access via the tunnel – it's really like the NAT rule isn't working or I'm missing something else.  
Any suggestions?
			
			
			
				Hello,
I have exactly the same problem, the IKEv2 IPsec tunnel is up (iPhone or Windows) and the traffic (for example RDP) will be passed to the client, but no traffic isn't coming back.
The only thing I didn't try was the NAT rule, but didn't see any documentation about it in the IPsec wiki
regards,
			
			
			
				Hi,
problem solved:
Phase 1 - Install policy must be checked !!