[strongSwan] strongswan behind ec2 classic and iOS client issue

WorkingMan signup_mail2002 at yahoo.com
Sun Oct 20 21:29:38 CEST 2013

I made some progress and I am having a different issue now. The problem, it 
seems, is that the p12 file I had was not enough for iOS (not sure why). I had to 
install the CA's cert to make iOS connect to the VPN (after the CA's cert installation 
the client cert becomes trusted by iOS; not sure if that's the reason why it

After the client is connected I don't have DNS set up on the client side (used a net 
analyzer app to see that on iOS). So I fooled around with the DNS setting in 
strongswan.conf and it wouldn't work (not pushed to the client). I had to add 
rightdns=<ip> in ipsec.conf to make it work (does this setting accept 
multiple DNS?).

So half of the issue is completed. I still can't connect when the phone is 
on 3G (but WIFI is fine; so NAT on either end, from Amazon, and from local 
router). I suspect there is a routing issue.


Thanks in advance

