IPSec: Host-to-Net

I need some help setting up IPSec: Host-to-Net (Roadwarrior) and I apologise for being a noob.

First I’ll describe what I did up to this point:
1. I set up dynamic DNS,
2. “Connection Status and Control -> Local Subnet” - I set a separate subnet from green (GREEN:, IPSec: Should this be the same as Green, or maybe, or did I do this step correctly?
3. In the Advanced section: https://gyazo.com/18ec5c39fccf4ff39aa5a24fedaf9084
4. I generated the certificates and set a pre-shared key.

Still doesn’t work with my phone. Should I set some firewall rules, open some ports? Should I set DNS forwarding? Do I need to create a new user? What else am I missing?