• VPN Help

    2
    0 Votes
    2 Posts
    935 Views
    jimpJ
    The only way to accomplish that is to have a Phase 2 entry that looks like: Local Network: Address, <server IP address>; Remote Network: 0.0.0.0/0. And the other end would have the opposite settings. Then anything/everything to/from that server that passes through the firewall will be sent over the VPN. I have to say though, hosting a game server on the other side of a VPN is going to be awful for latency. That isn't likely to give you good performance, though I suppose that depends on the game.
  • IKEv2 with EAP-Radius

    2
    0 Votes
    2 Posts
    2k Views
    A
    Solved! I forgot to change the authentication-mode to eap-radius :P. After the change and a reboot it works now!!!! ;D Best regards
  • AWS VPC BGP IPsec Problems

    2
    0 Votes
    2 Posts
    2k Views
    A
    I figured this out by purchasing a 2220 and copying the config from the wizard. Unfortunately, 2.3 apparently doesn't work with IPSec and BGP so this is a no-go.
  • IPSEC + DNS Resolver/Domain Override + Static Route [ Solved ]

    4
    0 Votes
    4 Posts
    2k Views
    F
    Hi, I am having the same issue except changing the DNS resolver doesn't help at all.  I am running 2.3.2 and in order for our VPN clients to resolve LAN DNS is by manually adding DNS to their network interface (wifi or eth)… Adding DNS to the VPN connection didn't help. I have tried all suggestions I found in the forums, but no setting on the pfSense would work. Is yours still working?
  • Is there any working site-to-site ipsec config?

    19
    0 Votes
    19 Posts
    6k Views
    DerelictD
    AES-GCM in a child SA provides authenticated encryption and therefore does not require a separate authentication/hash step (like SHA1/SHA256) and will therefore perform better especially with AES-NI enabled. I personally believe that AES-128 is perfectly acceptable in almost all circumstances but you will not likely notice a difference between AES-128 and AES-256 so why not… So, yes, I like the settings I used in this example. That's why I used them. :)
  • Weird MSS issue

    1
    0 Votes
    1 Posts
    813 Views
    No one has replied
  • Site to Site VPN setup Azure

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • No local DNS on IPSec

    14
    0 Votes
    14 Posts
    7k Views
    T
    @Tramii: @mattbodman: Ok, so I have a mobile tunnel setup which works great, except that even though the DNS settings issued by the IPSec tunnel are correct, no local hosts will resolve. I just had this issue yesterday.  I set up an IPsec VPN and everything worked fine except DNS resolution.  I could ping things by IP but not by name.  Pulled my hair out for hours trying to resolve it.  Finally, I rebooted the pfSense box out of frustration.  That worked.  No idea why, but it did.  I replicated the issue just to verify.  Deleted the VPN setup and recreated it.  Had the same DNS issue.  Rebooting the router fixed it.  Works great now.  No idea why, but maybe it will work for you too? Thanks for posting; I know this is an older thread but this was the answer I needed. Maybe it would have worked to restart the DNS Resolver as well, but rebooting the router fixed this issue for me.
  • PfSense 2.3.2 Ipsec site to site ok but can't access LAN

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How does strongswan route?

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    It still works the same way, except there is a bypass for the LAN network itself. Otherwise it still matches based on the contents of the SPD table (Status > IPsec, SPD tab). If a connection matches the SPD table entries, it's put into IPsec. There is no "routing" in the classical sense.
  • Large data transfers stalling over VPN

    11
    0 Votes
    11 Posts
    4k Views
    0
    I think you can forget about me, it looks like it's a problem with our network and not pfSense. Sorry for wasting your time, I feel embarrassed for not working this out before manically posting here.
  • IPSec IKEv2 Connection Succeeds but Can't Access LAN

    3
    0 Votes
    3 Posts
    1k Views
    S
    Aaaaand I had the firewall rule wrong. I was only allowing TCP across IPSec and then wondering why I couldn't ping anything or do DNS lookups. ::) Thanks for helping me check my work.
  • Attack

    2
    0 Votes
    2 Posts
    1k Views
    nsi-fusionN
    Is it from the WAN interface logs??
  • Phase 1 negotiation failed due to time Up

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Add group vpn

    1
    0 Votes
    1 Posts
    714 Views
    No one has replied
  • Disconnecting Individual Mobile IKEv2 Connections

    1
    0 Votes
    1 Posts
    725 Views
    No one has replied
  • PFSense 2.3 & Greenbow IPSec Client

    4
    0 Votes
    4 Posts
    2k Views
    DerelictD
    I would start here: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
  • Tunnel drop

    3
    0 Votes
    3 Posts
    2k Views
    U
    Thank you for posting this it was driving me crazy and I didn't see it.
  • Issues with IPSec VPN between PFSense and Juniper SRX

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 1pfsens 6 remote routers

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied