IPsec VPN on mobile Question

[csmall]

How can I prevent the tunnel from being split tunnel? I want to force all traffic over the tunnel.

I'm using ikev2 and strong swan client on Android.

My main goal is using my pihole for dns remotely. So if that is possible without forcing all traffic over the tunnel then if be happy with that as well.

Any help much appreciated.

Right now it is split tunnel

[mimugmail]

I don't get it, when you set your internal DNS as system DNS, why do you need to route all traffic over the tunnel?
In strongswan app you can set the specific routes to tunnel trough network, they have to match on both sides and then you can also tunnel ALL traffic.

[csmall]

In phase2 I have the network set to lan but I tried switching it to network 0.0.0.0/0 and then on strong swan client I tired adding 0.0.0.0/0 as a subnet to send over the tunnel.

I was unable to access the internet at that point on the mobile device but I was able to still get to the opnsense web interface and I ternal resources by ip.

[mimugmail]

You need outbound Nat for your tunnel network.

[csmall]

Thanks. I tried adding that as well and internet access still doesn't work over the tunnel. I'll have to dig deeper.. maybe it is being blocked somewhere.

I get the feeling it may be dns related so I'll try to go to an IP and see if I can get out. That should point me in the right direction

[csmall]

Thanks. I tried adding that as well and internet access still doesn't work over the tunnel. I'll have to dig deeper.. maybe it is being blocked somewhere.

I get the feeling it may be dns related so I'll try to go to an IP and see if I can get out. That should point me in the right direction

It works now. Thanks again!

[ChrisBondy]

How did you get it work? I've been trying. with Android and Mac Mobile.
Both connect without any issues. I sent both to use 8.8.4.4, internet works.
But can't see or connect to anything inside the network.
 I followed the road warrior document.