i have just created my first dynamic (one side) ipsec connection, however all i can get through the tunnel is icmp (ping requests), do i need to add firewall rules or nat. I came from a pfsense box scenario and thought id try a real router. I have already added nat bypass on both sides and put them at the top, i have two rb750's running 5.6

Thanks for your time.

In 'Firewall/Filter' add accept rule for UDP/500, for Protocol 50 (ipsec-esp) and for Protocol 51 (ipsec-ah), in 'input' and 'output' chains.

HTH,