IPsec VPN works, no remote access to router

Hi folks,

I set up an IPsec VPN tunnel between a SonicWall TZ400 and a RouterBOARD 750G r2 running the latest RouterOS and firmware. Clients on both sides of the VPN can access resources on the other side no problem: file servers, printers, UniFi, etc. However, I am unable to remotely manage the MikroTik router. SSH, WinBox, and the web interface all time out.

I don't see how it is firewall or NAT, as everything else works as intended. Is there a special rule you have to invoke for remote management via VPN?

TIA,

TK421

Well, I had followed the IPsec tunnel guide on the wiki, and that worked fantastic. I had added RAW notrack rules in prerouting between the two LANs, and as mentioned before that worked fine for everything except accessing the MikroTik router.

/ip firewall raw
add chain=prerouting action=notrack src-address=192.168.248.0/24 dst-address=192.168.8.0/21
add chain=prerouting action=notrack src-address=192.168.8.0/21 dst-address=192.168.248.0/24

Once I added this to the filter rules, I was fine.

/ip firewall filter
add chain=input action=accept src-address=192.168.8.0/21 dst-address=192.168.248.0/24

Can anyone help me understand why the RAW prerouting rules didn’t apply to managing the router? Or point me to a resource? This is over my head.

Thanks!
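An added example, not from the post above or from the MikroTik wiki guide, that reproduces the symptom and the fix in one RouterOS firewall configuration. The interface names (ether1 as WAN, bridge as LAN), the LAN/WAN interface lists and the exact shape of the input and forward chains are assumptions chosen to match the usual default-firewall layout, in which the input chain accepts established/related connections and then drops everything that did not arrive on a LAN interface. Two facts explain why the RAW rules did not help with management. First, action=notrack is not an accept: it only tells connection tracking to ignore the packet (which is what keeps tunnel traffic away from src-nat), and the filter chains still run on it afterwards. Second, a packet decrypted from a tunnel-mode IPsec SA is re-injected with in-interface set to the interface the ESP packet arrived on, not a LAN interface, and because it is untracked it can never match connection-state=established,related either. Traffic between the two LANs goes through the forward chain, where the tunnel is accepted; traffic addressed to the router itself goes through input, where the only rule it matches is the final drop. The poster's accept rule works as soon as it sits above that drop; the version below adds the ipsec-policy=in,ipsec matcher so that only packets actually decrypted from the tunnel are accepted, and a plaintext packet arriving on the WAN with a spoofed 192.168.8.x source address does not get the same access to SSH, WinBox and the web interface.

```routeros
# Added example (not the original poster's configuration). Interface names,
# interface lists and the chain layout are assumptions for illustration.
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN

/ip firewall raw
# Same purpose as the poster's rules: keep tunnel traffic out of
# connection tracking, and therefore out of src-nat/masquerade.
add chain=prerouting action=notrack src-address=192.168.248.0/24 dst-address=192.168.8.0/21
add chain=prerouting action=notrack src-address=192.168.8.0/21 dst-address=192.168.248.0/24

/ip firewall filter
# --- input chain as assumed while management over the tunnel failed ---
add chain=input action=accept connection-state=established,related
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
# Decrypted tunnel packets are untracked (never "established") and arrive
# on ether1, so they fall through to this rule: SSH/WinBox/www time out.
add chain=input action=drop in-interface-list=!LAN comment="drop all not from LAN"

# --- forward chain: LAN-to-LAN traffic through the tunnel is accepted here,
#     which is why file servers and printers worked all along ---
add chain=forward action=accept ipsec-policy=in,ipsec
add chain=forward action=accept ipsec-policy=out,ipsec
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN

# --- the fix: an explicit input accept placed BEFORE the catch-all drop ---
# ipsec-policy=in,ipsec only matches packets that were decrypted under an
# inbound IPsec policy, so the rule cannot be satisfied by a plaintext
# packet on ether1 that merely claims a 192.168.8.0/21 source address.
add chain=input action=accept ipsec-policy=in,ipsec src-address=192.168.8.0/21 dst-address=192.168.248.0/24 \
    comment="accept management from remote LAN over IPsec" \
    place-before=[find comment="drop all not from LAN"]
```

To confirm which rule was eating the packets before the fix, `/ip firewall filter print stats chain=input` shows the counters climbing on the final drop while the established/related rule stays flat; untracked packets also never appear in `/ip firewall connection print`, which is the quickest way to see that notrack is doing its job. The dst-address on the accept rule only matches if the router's LAN address is inside 192.168.248.0/24, as the poster's own rule already assumes.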