I was setting up my first VPN today with pfSense 2.3 and had a similar problem (I could access any machine on the LAN, but I couldn't route anything to the Internet). I turned on the Unity plug-in and things appeared to be working on the client; however, I suspect they weren’t working correctly. If you look at Status->IPSec and then “show child SA entries”, on the right side you will see Bytes-In and Bytes-Out. When I turned on the Unity plug-in, Bytes-Out was zero as long as I tried to access anything on the Internet. It only increased when I accessed a machine on the LAN. My guess is the Unity plug-in directed the client to route Internet traffic locally instead of over the VPN. Since I’m a complete noob with IPSec I don’t know that my conclusion is correct at all. However, I’m guessing something wasn’t right…
After playing around and trying a lot of different settings I found a setting that seems to work, but I don’t know what it’s really doing (I saw this in someone else's configuration). In the Phase 2 settings there is an option for “Local Network”. If I set this to “Network” of 0.0.0.0/0 the VPN appears to work, and the Bytes-Out increment on the Status page (after turning off the Unity plug-in).
Again, I’m a complete noob with IPSec so I’m not sure what I did by setting the Local Network to 0.0.0.0/0. Could someone that understands this better explain? So far the only way the VPN appears to work (for me) is by either setting the Unity Plug-In or by setting the Local Network to 0.0.0.0/0. I’m not sure which is better, or if I should turn off both options and keep looking at other settings.
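As an added example (not part of the original post), here is a small Python check that reads the child SA entries from strongSwan's `ipsec statusall` output, which pfSense 2.3 uses underneath its IPsec status page, and reports for each child SA whether the local selector is 0.0.0.0/0 (the Phase 2 "Local Network" the post sets) and whether the outbound byte counter is stuck at zero. The sample output, addresses and counters are constructed, and the exact statusall line layout is assumed from strongSwan's usual format.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of strongSwan's `ipsec statusall` output
# (pfSense 2.3 runs strongSwan); addresses, SPIs and counters are made up.
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
   con1[1]: ESTABLISHED 5 minutes ago, 203.0.113.1[203.0.113.1]...198.51.100.7[198.51.100.7]
   con1{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1a2b3c4_i d5e6f7a8_o
   con1{1}:  AES_CBC_256/HMAC_SHA2_256_128, 4120 bytes_i (38 pkts, 2s ago), 0 bytes_o, rekeying in 41 minutes
   con1{1}:   192.168.1.0/24 === 10.0.8.1/32
"""

# Child SA lines look like "name{id}: ..."; IKE SA lines use "name[id]:" and are skipped.
CHILD_RE = re.compile(r"^\s*(?P<name>\S+?)\{(?P<id>\d+)\}:\s+(?P<rest>.*)$")
BYTES_RE = re.compile(r"(?P<bi>\d+) bytes_i.*?(?P<bo>\d+) bytes_o")

def parse_child_sas(status_text: str) -> Dict[str, dict]:
    """Collect traffic selectors and byte counters for every child SA in the text."""
    sas: Dict[str, dict] = {}
    for line in status_text.splitlines():
        m = CHILD_RE.match(line)
        if not m:
            continue
        key = f"{m['name']}{{{m['id']}}}"            # e.g. "con1{1}"
        sa = sas.setdefault(key, {"local_ts": [], "remote_ts": [],
                                  "bytes_i": 0, "bytes_o": 0})
        rest = m["rest"].strip()
        b = BYTES_RE.search(rest)
        if b:
            sa["bytes_i"], sa["bytes_o"] = int(b["bi"]), int(b["bo"])
        elif "===" in rest:                           # "local TS === remote TS"
            local, remote = rest.split("===", 1)
            sa["local_ts"], sa["remote_ts"] = local.split(), remote.split()
    return sas

def diagnose(sa: dict) -> List[str]:
    """Turn the selectors and counters into the two facts the post was chasing."""
    findings = []
    if "0.0.0.0/0" in sa["local_ts"]:
        findings.append("full tunnel: local selector 0.0.0.0/0 covers Internet destinations")
    else:
        findings.append("split tunnel: only " + " ".join(sa["local_ts"] or ["<none>"])
                        + " is reachable through this SA")
    if sa["bytes_i"] > 0 and sa["bytes_o"] == 0:
        findings.append("bytes_o is 0 while bytes_i grows: nothing is being sent back "
                        "to the client over this SA")
    return findings
```

Run it against the real `ipsec statusall` output on the firewall instead of `SAMPLE_STATUS` to see which selector the child SA actually carries while you toggle the two settings.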