Site2Site with mobile client connecting too

  • Hello,

    We've got two pfSense firewalls with one static IP each and an IKEv2 VPN between them.
    It all works well, the VPN is mostly used for remote printing and RDP.

    But, there's a special use case:
    We've got some people who are at site2 and using their own notebook with IKEv2 to connect to site1.
    In Windows the error "13868 - Policy match error" pops up.

    The client is using the open Wifi at site2 and we can't allow Site2Site VPN traffic for this Wifi for obvious reasons.

    Are there any solutions for this?