Road Warrior IPsec & Split-Tunnel

[csmall]

I followed this guide to get IPsec VPN working with Android using strongswan client and IKEv2.

https://wiki.opnsense.org/manual/how-tos/ipsec-rw-srv-eaptls.html

I connect just fine and can access the the firewall web interface on the LAN address but it is split tunnel.

I would like to force the Android phone to force all traffic over the tunnel. How can I do that?

If I can't force all traffic over the tunnel I would at least like to force dns resolution to take advantage of my pihole on mobile.

[csmall]

I tried a couple of things I found after searching the forums.

I tried changing the p2 local network to 0.0.0.0/0 and creating an outbound NAT rule on the WAN interface with a source of the VPN address pool network translated to the WAN address. After these changes when I connected to the tunnel I could no longer get to the internet.