I followed this guide to get IPsec VPN working with Android using the strongSwan client and IKEv2.
https://wiki.opnsense.org/manual/how-tos/ipsec-rw-srv-eaptls.html
I connect just fine and can access the firewall web interface on the LAN address, but it is split tunnel.
I would like to force the Android phone to force all traffic over the tunnel. How can I do that?
If I can't force all traffic over the tunnel, I would at least like to force DNS resolution to take advantage of my Pi-hole on mobile.
I tried a couple of things I found after searching the forums.
I tried changing the p2 local network to 0.0.0.0/0 and creating an outbound NAT rule on the WAN interface with a source of the VPN address pool network translated to the WAN address. After these changes, when I connected to the tunnel, I could no longer get to the internet.