Users access internet via WSS using IPSEC tunnels.
New IPSEC tunnel added for remote location where users cannot access internet - browser reporting connectivity errors to whatever site user accesses, and browser HAR file shows no responses to requests.
IPSEC tunnel logs indicate tunnel is up and running.
PCAPs from host client show no HTTP requests go out.
DNS configured to go to internet DNS server but WSS does not have all VPN ports enabled.
Changed DNS to point to a local DNS server and all worked fine.
Alternatively, could have enabled VPN all ports license to route DNS traffic to public DNS servers.