One-click IPsec VPNs for Apple iOS

Interesting @cfusco. Seems unnecessary, seeing as all devices on blue are blocked by default, but interesting all the same.

@jon: are you not able to use your phone as a hotspot? That would allow you to connect devices to the internet via WiFi through your phone’s data connection, which might work.

Totally unnecessary. I just wanted to see if it would work.

IP addresses.
On IPFire → Primary DNS: 192.168.65.1
• menu Network > DHCP Server
-and-
On the Mac → DNS Servers: 192.168.65.1
• menu System Preferences > Network > Wi-Fi > Advanced > DNS

No Hotspot. The cell company decided this was a big $$ add-on! I’ll need to check if I can subscribe / unsubscribe to the hotspot. Maybe I can subscribe for a month and then unsubscribe.

I mean, like this?

This is my setting:

1 Like

Ahh - Got it! Thank you!

I changed the Server Address from my dynamic DNS FQDN to a local IP address and it connected! Yay!
:smiley:

I was changing the Remote ID info :flushed:

It does not fully work since local DNS is missing. And there are other things that seem very broken.

BUT it does allow me to do some “Connect” testing! So that will do for now.

Thank you to all for your comments and help!

@jon
Have you upgraded to core 159, and if yes, is IPSec to iOS still working?

Not yet. Probably this weekend, when fewer people are using the internet.

Are you experiencing issues? What do you see?

If someone needs IPsec split-tunneling (tested on macOS) so that traffic is split between the Roadwarrior’s local network and the ipfire/office network (by default all traffic is routed through ipfire/office’s network, which is not always desired):

Just edit /etc/strongswan.d/charon/attr.conf on ipfire and add the attribute:
25 = myoffice.local

Then restart ipfire’s ipsec:
#ipsec restart

You can also narrow your “Local Subnet” from 0.0.0.0/0 to, e.g., 192.168.64.0/24 (if, for example, the myoffice.local subnet is 192.168.64.0/24).

See original article here: StrongSwan, IKEv2, Split DNS and iOS
And discussion here:
IPSec on macOS and split tunneling - #14 by cgil

Also, it would be great to have this feature in IPsec’s WebUI, since setting “DNS Server” doesn’t directly enable split-tunneling… at least for me.

2 Likes
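The edit described above (adding attribute 25, which is INTERNAL_DNS_DOMAIN from RFC 8598, to the attr plugin section of /etc/strongswan.d/charon/attr.conf) is a one-line change, but doing it by hand on every core update is error-prone and easy to duplicate. The script below is an added example, not part of IPFire or strongSwan: a small POSIX shell helper (`add_attr`, `has_attr` and `get_attr` are hypothetical names) that inserts the attribute into the `attr { … }` section only if it is not already set, so it can be re-run safely. It works on a constructed copy of a stock attr.conf in a temp file rather than the real one.

```shell
#!/bin/sh
# Added example (not IPFire's or strongSwan's own code): idempotently add a
# strongSwan attr-plugin entry such as "25 = myoffice.local" to attr.conf.
# Usage: add_attr <file> <key> <value>

set -e

# Return 0 if FILE already carries a line "KEY = ..." (any value).
has_attr() {
    file="$1"; key="$2"
    grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"
}

# Insert "KEY = VALUE" right after the "attr {" line unless KEY is already set.
add_attr() {
    file="$1"; key="$2"; value="$3"
    if has_attr "$file" "$key"; then
        echo "$key already set in $file, leaving it alone"
        return 0
    fi
    tmp="${file}.tmp.$$"
    awk -v k="$key" -v v="$value" '
        { print }
        /^[[:space:]]*attr[[:space:]]*[{]/ && !done { print "    " k " = " v; done = 1 }
    ' "$file" > "$tmp"
    mv "$tmp" "$file"
}

# Print the value currently set for KEY in FILE (empty if unset).
get_attr() {
    sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)$/\1/p" "$1" | head -n 1
}

# Demo on a constructed copy of a stock attr.conf, not the live file.
demo_file="$(mktemp)"
cat > "$demo_file" <<'EOF'
attr {

    # Section to specify arbitrary attributes that are assigned to clients.

    # Whether to load the plugin.
    load = yes

}
EOF

add_attr "$demo_file" 25 myoffice.local
add_attr "$demo_file" 25 myoffice.local   # second run is a no-op
cat "$demo_file"
# On the real box you would point add_attr at /etc/strongswan.d/charon/attr.conf
# and then run "ipsec restart" as described in the post (not done here).
```

On the real firewall, run it against /etc/strongswan.d/charon/attr.conf as root and then `ipsec restart`; because the helper refuses to add a second `25 =` line, it is safe to put in a post-update checklist.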

Yes - IPsec still works A-OK! I tested with my iPhone and I did some simple tests and all works as expected.

Core 160 working nice as well :grinning:

1 Like

Maybe not the best quote. Anyway, I’m having an issue that may very well be caused by how a RoadWarrior connection is intended to work.

I refer to wiki.ipfire.org - Global Configuration

The specific problem is that I can’t get Roon to work. (Hope you’re familiar with Roon).

So locally I can stream from Roon to my iPad (Roon shows up as an endpoint). However this doesn’t work at all under VPN on my iPad. I can easily access Roon, and play to other endpoints on same network.

I think the reason for this is that Roon doesn’t see my iPad being on same subnet as the Roon core, and hence won’t allow streaming to my iPad over VPN.

Is this correctly understood?

I tried to edit global settings to my local 192.168.50.0/24, but that didn’t work at all.

So is there a way I can configure IPFire to solve this problem?
I tried something indicated in this article (192.168.0.0/23, which I think ought to work), but no success.

And if there is absolutely no way, even a very creative one, what could I ask the Roon team to change in their software in order to make this work?
(Of course they can’t allow me to stream to anywhere I like, so I need to convince the team of an almost bulletproof solution.)