Cannot route IPSec back out to internet (iOS)
I'm trying to set up an IPSec tunnel to securely route all of the traffic on my iPhone (iOS 10.2.1) through my home network/pfsense box. Running PFSense 2.3.2-RELEASE-p1.
The purpose is two-fold:
- Provide a secure connection when using public wifi
- Easy access to my NAS, without having to expose the NAS to the world
I was able to get the basic IPSec V1 setup partially working. My iPhone connects to the VPN fine. I'm able to get an internal IP address, be pinged from PFsense/other machines on network, connect to pfsense/nas via ip or DNS name.
However, after connecting, the iPhone is no longer able to reach the internet. The error I get from chrome is simple connection timeout. I tried connecting to one of Google's public IPs to see if it was just DNS, but I'm not able to do that either.
I've searched through the firewall logs in real time while trying to connect and I cannot find any cases of something associated with IPSec or the iPhone's IP getting blocked.
My NAT is a hybrid outbound setup, the hybrid piece automatically picked up the subnet for IPSec.
I also tried adding a manual NAT entry like: IPSec any * * * IPSec address * , but this has no effect. I'm able to ping the iPhone when connected, but cannot traceroute from pfsense or other machines. I tried ICMP traceroute to no avail.
At this point I'm stumped as to what to check further.
I have multiple OPT1 type interfaces in use, some of them LAGG and another bridged with LAN.
Finally, I have an OpenVPN client on the WAN interface which all LAN traffic is getting sent through. I have a feeling it could be something to do with the subnet I've selected for IPSec or some other NAT issue… but could be totally wrong.
Any ideas on what to check further? What other information could I provide to make my network easier to understand?
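A worked example of the outbound NAT matching described in the post, added here as an illustration and not taken from the post or from pfSense's own code. pfSense matches outbound NAT rules against the interface a packet leaves on, not the one it arrived on, and in hybrid mode manual rules are evaluated before the automatic ones. The small model below encodes exactly that and runs the poster's two candidate configurations against it: a manual rule whose interface is "IPsec" (the tunnel the packet came in on) versus a rule on the interface the packet actually exits through. All interface names, subnets and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address


@dataclass(frozen=True)
class OutboundNatRule:
    # pfSense-style outbound NAT rule. `interface` is the interface the
    # packet LEAVES on; outbound NAT is never matched on the ingress side.
    interface: str
    source: IPv4Network
    translation: str          # what the source address becomes, e.g. "WAN address"
    description: str = ""


@dataclass(frozen=True)
class Packet:
    ingress_interface: str    # kept only to make the ingress/egress distinction visible
    egress_interface: str
    src: IPv4Address
    dst: IPv4Address


def first_matching_rule(packet: Packet,
                        manual_rules: List[OutboundNatRule],
                        automatic_rules: List[OutboundNatRule]) -> Optional[OutboundNatRule]:
    """Hybrid outbound NAT: manual rules first, then automatic; first match wins."""
    for rule in [*manual_rules, *automatic_rules]:
        if rule.interface == packet.egress_interface and packet.src in rule.source:
            return rule
    return None


# Constructed topology (assumed for the example, not from the post).
LAN_NET = IPv4Network("192.168.1.0/24")
MOBILE_IPSEC_POOL = IPv4Network("10.99.0.0/24")      # constructed mobile client pool
INTERNET_HOST = IPv4Address("8.8.8.8")               # constructed "public IP" test target

# Automatic rules as hybrid mode would generate them for a WAN-type interface:
# the local networks, including the mobile IPsec pool, translated to the WAN address.
AUTOMATIC_RULES = [
    OutboundNatRule("wan", LAN_NET, "WAN address", "auto: LAN -> WAN"),
    OutboundNatRule("wan", MOBILE_IPSEC_POOL, "WAN address", "auto: mobile IPsec -> WAN"),
]

# The rule shape from the post: interface "IPsec", translation "IPsec address".
RULE_ON_IPSEC_IFACE = OutboundNatRule("ipsec", MOBILE_IPSEC_POOL, "IPsec address",
                                      "manual: rule placed on the ingress interface")
# A rule on the assumed OpenVPN client interface ("ovpnc1", constructed name).
RULE_ON_OVPN_IFACE = OutboundNatRule("ovpnc1", MOBILE_IPSEC_POOL, "ovpnc1 address",
                                     "manual: egress via OpenVPN client")


def phone_packet(egress: str) -> Packet:
    """A packet from the phone's tunnel address towards the internet, leaving via `egress`."""
    return Packet("ipsec", egress, IPv4Address("10.99.0.10"), INTERNET_HOST)


def evaluate(egress: str, manual_rules: List[OutboundNatRule]) -> Optional[str]:
    """Return the description of the outbound NAT rule that would apply, or None if untranslated."""
    rule = first_matching_rule(phone_packet(egress), manual_rules, AUTOMATIC_RULES)
    return rule.description if rule else None


if __name__ == "__main__":
    # Exit via WAN: the automatic rule already covers the mobile pool.
    print("wan    + rule on ipsec iface:", evaluate("wan", [RULE_ON_IPSEC_IFACE]))
    # Exit via the OpenVPN client: the manual rule on "ipsec" never matches,
    # so the packet leaves with its 10.99.0.10 source and replies cannot return.
    print("ovpnc1 + rule on ipsec iface:", evaluate("ovpnc1", [RULE_ON_IPSEC_IFACE]))
    # Same egress with the rule placed on the egress interface instead.
    print("ovpnc1 + rule on ovpnc1 iface:", evaluate("ovpnc1", [RULE_ON_OVPN_IFACE]))
```

The model makes the diagnostic order explicit: first establish which interface the phone's traffic actually exits on (on the pfSense shell, `pfctl -ss` lists the live states and `pfctl -s nat` the loaded NAT rules), then confirm that an outbound NAT rule exists on that interface with the mobile client pool as its source. A rule whose interface is the IPsec tunnel itself can only ever match traffic leaving through the tunnel, which is why it has no effect on internet-bound packets.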