IPSEC mobile client question - DNS and Routin

  • Hello,

    After spending some time on this I've now got my IPSEC pfsense-to-Windows/MacOS/iOS working. I'd been using OpenVPN thus far but I thought I'd spend some time and see if I can get this working since it doesn't require yet another installed app on my devices.

    So now that I have it connected, I've got a few issues.

    #1 - routing Our pfSense has IPSEC site-to-site tunnel to AWS. I'd like to be able to access devices on the other side of this tunnel (i.e. in AWS) when I'm dialled into the IPSEC VPN from say, my Macbook. So I edited the Phase 2 of our existing tunnel to AWS to include the "Virtual Address Pool" that is defined under VPN > IPSEC > Mobile Clients, but this doesn't seem to work. Do I need to set a route somewhere? In OpenVPN, I've got this working by populating the " IPv4 Local network(s) " field in the OpenVPN config, and then modifying the IPSEC tunnel to include the OpenVPN " IPv4 Tunnel Network ". What do I need to do to get the same functionality with IPSEC?

    #2 - DNS - it works OK over windows, but doesn't seem to work on Apple iOS nor Mac OS. I can ping the IP manually when connected, but DNS not working is a real hassle. What needs to be done to fix this? I have already set " Provide a default domain name to clients " and " Provide a DNS server list to clients " and entered servers here. When I manually query the DNS server it works, but I'd like this to just work as it does with OpenVPN.