Hey all,
I spent the weekend getting my IPsec road warrior up and running successfully. I was at first running dual stack, and IPv6 wasn't working, but IPv4 was. It turns out I had the wrong subnet. Rookie mistake. Once I got the right subnet up and running, though, I didn't have any network connectivity except ICMP and UDP traffic... or so I thought. I had the DNS in my IPsec IPv4 pool pointed to my AdGuard instance hosted on my OPNsense box, so 192.168.1.1. I could see traffic getting to the DNS server, but for some reason my end user device was not getting the answers. I stumbled across this: https://forum.opnsense.org/index.php?topic=30967.0. That told me I need to set up a static route for the IPsec subnet so that the DNS server could figure out where to send the packets. I realize I could use a public DNS and it would work, but then I wouldn't get any of my AdGuard features, which is part of the reason I wanted to do this in the first place.
I was also hoping that the documentation (https://docs.opnsense.org/manual/how-tos/ipsec-swanctl-rw-ikev2-eap-mschapv2.html#method-1-shared-ip-pool-for-all-roadwarriors) could get updated, since it has the user configure the DNS to the router, so the guide won't work as is.
I hope someone finds this useful.
Thanks!
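The failure described above (queries arrive at the DNS server, replies never come back) is a routing decision on the reply path. The following is an added example, not code from the post or from OPNsense: a simplified longest-prefix-match model of the kernel route table showing which interface a DNS reply to a road-warrior client leaves on, with and without a static route for the IPsec pool. The pool 10.10.10.0/24, client 10.10.10.5, WAN gateway 203.0.113.1 and interface names are constructed assumptions.

```python
import ipaddress

# Constructed route table modelled on a FreeBSD-based firewall. Addresses and
# interface names are assumptions for illustration, not values from the post.
LAN_NET = "192.168.1.0/24"      # the LAN where the DNS/AdGuard listener lives
IPSEC_POOL = "10.10.10.0/24"    # assumed IPv4 pool handed to road warriors
CLIENT_IP = "10.10.10.5"        # assumed address one road warrior received

BASE_ROUTES = [
    # (destination prefix, gateway, interface)
    ("0.0.0.0/0", "203.0.113.1", "igb0"),   # default route out the WAN
    (LAN_NET, "link#2", "igb1"),            # directly connected LAN
]
# The static route the linked thread says is missing: send the pool to the IPsec interface.
IPSEC_ROUTE = (IPSEC_POOL, "link#5", "enc0")


def lookup(routes, dst):
    """Return the (prefix, gateway, iface) entry with the longest prefix covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > ipaddress.ip_network(best[0]).prefixlen:
            best = (prefix, gw, iface)
    return best


def dns_reply_interface(with_static_route, client=CLIENT_IP):
    """Interface a DNS reply to the road-warrior client is sent out of."""
    routes = BASE_ROUTES + ([IPSEC_ROUTE] if with_static_route else [])
    return lookup(routes, client)[2]


if __name__ == "__main__":
    # Without the route, the reply matches only the default route and leaves via the WAN,
    # so the client behind the tunnel never sees it; with the route it goes into the tunnel.
    print("without static route:", dns_reply_interface(False))  # igb0
    print("with static route:   ", dns_reply_interface(True))   # enc0
```

On the firewall itself the equivalent check is `route -n get <client-ip>`, which should report the IPsec interface rather than the WAN for an address in the pool.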