Messages

Strange, but at a glance it appears to be a almost identical setup to mine.  Surprised you had trouble, but like you said, maybe Win10 20H2 makes the difference.  Glad you got it working.

Upon looking at my strongswan.conf, it looks like you "before".  (see attached).  Not sure why yours would not work until you add it manually.  I also do not show a "rightdns" in my ipsec.conf.  Can you provide screenshots of the Mobile Client settings in the GUI?  That may help. Also what does your network map look like?

Are you also supplying your DNS to your VPN client in the Mobile Clients setup?  If not check the box that says "Provide DNS Server List to Clients" under the DNS Servers section and put you DNS Server IP addresses in there.

What do you have set for your IPv4 Tunnel Network and IPv4 Local Network?  Also do you have "Address Pool" checked?

After much trial and testing, I've come to the determination that the cause of my issue stems around something in the Interface Scrub.  If I disable that RDP works fine.  If it's on I cannot get it to work properly.  I've tried setting an individual setting for the IPsec interface and if I change the Max MSS to 2400 it will allow me to connect to one of my servers.  If it try a desktop it will not work.  If I change it to 2500 I can connect to the desktop but then I cannot connect to the Server.  I have tried different combinations of settings and not made any progress.  As I say though, just turning off the Interface Scrub works, so I guess I'll leave it at that.

Thanks to all who helped
Philip Campbell

Here you go.  It appears to be passing traffic (from what I can see).  But it never finishes loading the Remote Desktop into the server or a desktop I tried as well.

Thanks
Philip

Have never had to turn it off before, but did and still no luck.

Ok,  may have spoke too soon :-\  While I can see my network and do some things (ping several devices and access some machines) I cannot use Remote Desktop (RDP) to connect to my server.  I can ping the server by DNS name and by IP, but not RDP into it.  Thoughts?

Ok.  I have to say thank you for all of your help.  Last thing I have done is change the Local Network address in the Tunnel Phase 2 to 0.0.0.0/0 and it is all finally routing properly.  LAN items to to LAN and I have internet access through the Tunnel.
Again, thanks for all of your help.

I did not change my p2 tunnel, only updated p1 with a different subnet.

Ok, after some playing around I'm part way there. I can now route traffic to my internal network, but I still cannot get to the Internet via my VPN tunnel.  Had to add rule to IPsec to allow my IPsec addresses (VIP now starts at 10.10.0.100/24) to my LAN (or "any" in this case).  DNS and everything there seems to be working fine, but like I said, no internet.  I've tried adding a rule to the WAN, and another rule to the IPsec, but must not have them right.  I also tried adding another outbound NAT to see if that would be the issue.

Yes I do.  I  am not getting any errors connecting (since adding the VIP), only no routing or DNS.  If you need the logs is there an easier way to get them and screenshot?

And here are the Tunnel settings.  I've changed my VIP to a different subnet and still no DNS or routing that I can see.  No internet access either.

Here they are. Hope they help.

Firewall Setup:

https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html

Client Setup:

https://docs.opnsense.org/manual/how-tos/ipsec-rw-w7.html