Mobile VPN Clients cannot reach remote LAN after 2.6 to 2.7 upgrade

NZ

Problem since we upgraded from v2.6 to v2.7
We have L2TP over IPSEC Mobile VPN setup.
On v2.6 when VPN is established anything on the remote LAN is accessible.
However after upgrading to v2.7 we can' see anything on the remote LAN expect the
-PFsense IP
-L2TP server IP
-VPN client IP

Somehow nothing else is getting routed from the VPN client to remote LAN beyond PFsense.

Doesn't look like this is a blocking issue.
It seems to be routing related.

We're still pulling our hair out trying to troubleshoot this.
But we did find a difference betwen v2.6 and v2.7 in the routes table.
The remote LAN is 192.168.1.0/24
PFsense is on 192.168.1.1
L2TP server IP: 192.168.1.247
VPN client IP: 192.168.1.248

In v2.6 the Gateway assignment looks like this (in the routes table):
192.168.1.1 Gateway: link#4
192.168.1.247 Gateway: link#9
192.168.1.248 Gateway: link#9

But on v2.7 it looks like this:
192.168.1.1 Gateway: link#4
192.168.1.247 Gateway: link#4
192.168.1.248 Gateway: link#9

You can see the gateway relation.
It seems to reversed.

This was as straight upgrade.
We even did a backup and restore to difference box, with the same results.

stephenw10

See: https://forum.netgate.com/post/1178312