On-demand VPN for iOS & macOS with IPsec PSK (IKEv2) on pfSense with firewall DNS and traffic filtering for VPN clients
When trying to implement an IPsec-based VPN on pfSense for iOS and macOS clients, I struggled with a number of problems. In particular, the initial tunnel connection, authentication, DNS via the VPN tunnel, on-demand VPN connections for iPhone and Mac, and routing all VPN clients' traffic through the tunnel were issues for which I couldn't quickly find answers on the web.
On the separate issues I found numerous answers — sometimes contradicting each other — and all of this was scattered across various websites. For this reason I decided to write down some configuration instructions so that others with similar issues, and I myself, can comprehend and reproduce a working setup.
The instructions are mainly based on screenshots showing the parameters required for pfSense IPsec to work with iOS. I recommend aligning closely with them. I did not include many comments, since those could have grown very extensive.
This configuration is tested with iOS 12 and iOS 13 and pfSense 2.4.4-RELEASE-p3 (arm) FreeBSD 11.2-RELEASE-p10.