IPSEC Mobile Client--Weird Issue with 0.0.0.0/0

jdangjohnny

To make a long story short: I am a coming back user. Left PFSENSE when the WG mess happened. Anyway, I install 2.60 and now start to rebuild my VPN again. I will deal with the PFSENSE WG later. Right now I am using an UBUNTU behind PFSENSE for the WG.
I am now trying to enable IPSEC Mobile Clients for my iPhone/iPad and my wife’s too. I can read so I follow the instruction (even re-watch a youtube video). I am using IKE v1 (for my mobile device.) I am able to connect so we know all the settings are correct EXCEPT for one thing:
In Phase 2, if I set the network to either WAN or LAN, I am able to connect.
IN Phase 2, if I set the network to network and enter 0.0.0.0/0, the VPN failed at my iPhone.
WHAT is IT? A new feature from Apple? I do have the FW rule: any to any allow in the IPSEC firewall rule. I know it is working because when it is connected I did get the assigned IP address (I even used the IP set in the instruction of the Netgate website. When I replace the IP address on the server, I see it changes in the iPhone. But I cannot use the network 0.0.0.0/0?

For my iPad, I can access the LAN so I can watch HDHomeRun but the iPhone needs protection so I need the iPhone to use 0.0.0/0. Any idea? Thanks in advance.

I know I can only use one: LAN or WAN or NETWORK.

jimp

You might be hitting https://redmine.pfsense.org/issues/11539 though that would have also affected 2.5.x.

jdangjohnny

@jimp

Thanks. This make sense... I can confirm: IOS 15.3.1 (both IPHONE and IPAD PRO) failed badly. I was hoping to use the Mobile Client for 0.0.0.0/0. I can still use the LAN access. Really appreciate the note so I can stop digging.