I am setting up L2TP for iPhone access to the internal LAN. Setting up the L2TP and IPsec portions went fine and the phone connects without issue. It receives an internal IP address from the pool. From the phone I can ping the internal IP address of the Mikrotik but nothing else on the inside of the network. I’ve checked the firewall rules and I can’t see why it would be blocking this. Perhaps it is a misconfiguration somewhere? I’ve attempted to test with a permit-any rule in the firewall for both the input and forward chains. I have the phone set to “send all traffic” to prevent an issue with split tunneling from the phone’s side. I have all the required ports set up on the input chain for L2TP and NAT traversal. I’m accustomed to Cisco IPsec connections and having to set up no-NAT statements, but I don’t think this is required here because the IP address that is being handed to the phone is one from the internal network. Is this some issue at the WAN interface with L2TP?
Thanks.