Bug #6599
closed
Routing problem with IKE v2
0%
Description
Following a suggestion to use IKE v2 instead of L2TP/IPsec, I have set up an IKE v2 IPsec connection following https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
I am able to connect to the VPN but I must be missing something because I cannot connect to machines on my LAN subnet.
My P2 configuration is tunnel IPv4 as per instructions and I have set my local network to my LAN. My LAN subnet is on 10.0.0.0/24 and the virtual address pool for my mobile client is 192.168.128.0/24. Once connected, when I ping a machine on the LAN subnet, I see the ping request coming in from the virtual address pool address and I see the reply going to the same IP.
tcpdump on LAN machine 10.0.0.2
22:26:48.426110 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 81, length 40
22:26:48.426328 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 81, length 40
22:26:53.334732 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 82, length 40
22:26:53.334753 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 82, length 40
22:27:58.453157 IP 192.168.128.1 > 10.0.0.2: ICMP echo request, id 1, seq 83, length 40
22:27:58.453400 IP 10.0.0.2 > 192.168.128.1: ICMP echo reply, id 1, seq 83, length 40
On my client machine, I do not get the reply back.
Note that I have tried setting the local network to 0.0.0.0/0 and I was able to ping hosts on the internet, but still no luck with my LAN machines.