Sometime in the past few releases the default firewall rules where changed for the INPUT chain to block all access not coming from the LAN as the last INPUT rule. Previously the last INPUT chain rule was set to block all access coming from the gateway (WAN) port. This change means that, by default, management access to the router is block from VPN connections to the router. It took me a few hours to notice this and determine why I could not access the router from a VPN connection to the router. This seems to me like a mis-feature.
Was it ever clearly documented that VPN management would not work on a default configuration when VPN is simply enabled via QuickSet? Why is this a "good" idea?