Unhandled packets after VPN authentication
I'm setting up IKEv2 VPN on my M470 for the first time. I set it up quickly, using MS NPS as the RADIUS server, and it worked fine. I then changed the config to allow MFA using Duo. That was a whole other battle, but I accidentally got it working.
Now I can connect to the VPN and I get an IP from the WG, but I cannot pass traffic to the internal network or internet. Basically, I can get connected, but that's as far as it gets. I'm getting nothing but unhandled external packets denied in the traffic monitor.
I'm not sure why, since the firewall policy is the same as it was before (utilizing the IKEv2-Users RADIUS group). For kicks, I tried manually moving the rule above the Deny All, but no luck there either.
I feel like I'm probably missing some stupid checkbox somewhere. Any ideas?