IOS -> WiFi -> pfSense -> VPN = No Go

My home network is setup with a Netgate SG-2100 with pfSense running. There are three networks LAN (WiFi/wired), IoT (WiFi), and Guest (WiFi). Everything runs fine getting to the internet.

I recently set up OpenVPN client on the network as per Tom’s video (Setting up PIA VPN on pfSense for your whole network and Configuring Selective Routing - YouTube) from 3 years ago. OpenVPN connects to my VPN provider fine. All my computers connected to the LAN (WiFi and wired) access the VPN perfectly. The Roku TV on the IoT network goes through the VPN just fine, no buffering of videos.

However, the IOS devices (2 iPhones, 2 iPads) connect to the LAN WiFi okay. All the iPhone and iPads cannot connect through the VPN to the internet. When I disable the VPN, the IOS devices can browse the internet without problems.

Spent the past two days searching for an answer, nothing seemed to fit my setup. Any help would be greatly appreciated.

If other non IOS devices are working then the issue has to be with them, but that is not a problem that I have encountered. Can then ping locally and can then ping ? Are you sure it’s not just a DNS issue?

Just some ideas you can try out if everything else fails:

  1. load a vpn cert from your provider on your idevice and see if you are able to connect
  2. completely wipe/reset your network settings on your idevice, I recall having to do this for my ipad when trying to connect to a new AP.

If your AP supports multi-SSID why don’t you just setup a vlan with the gateway set to your VPN provider, usually that’s easiest, set a kill switch anything connecting will go out via the VPN, if your VPN fails then no traffic leaves.

DNS ! Rats!! I swear I am losing my mind! Everything is now running correctly.

I do have another question, do I really need to keep all the ISAKMP rules for the LAN, IOT, and Guest networks? I am only accessing my external VPN provider, and possibly setting up an OpenVPN server for connecting to my home network from outside.

Thanks for the help

Those are used for IPsec, if you are using OpenVPN you can delete them, at least I have, though I have set my rules to manual.