Good evening all.
I have followed the instructions in the documentation on how to set up IPSec VPN for Road Warrior. While I can reach the internal network once connected to the VPN, none of my devices are able to access the internet while connected to the VPN.
Any advice would be greatly appreciated. Screen shots of my Mobile and Phase 1 tunnel setup attached.
Phase 2 and firewall rule setup.
Figured out the issues:
1. The firewall rule for IPsec needs to have a destination of any (as opposed to the LAN net as per the documentation).
2. Need to create an Outbound NAT rule for the ip addresses of the IPsec net. NOTE: cannot use "IPsec net" - it won't work. Need to use the ip addresses.
3. In the Mobile Clients setup, I assigned three DNS servers: one for the OPNsense firewall and 2 for Cloudfare DNS.
4. In Unbound access lists, set the IPsec net ip addresses as allowed to access.
All screenshots enclosed.