I have a router I set up some time ago to act as an L2TP (IPsec) server for Windows 7/iPhone devices. Works great.
I tried to duplicate that today for someone else and was basically copying my rules over to a new device.
I have two NAT rules:
0 chain=srcnat action=masquerade out-interface-list=WAN log=no
1 ;;; (needed for VPN clients!)
chain=srcnat action=masquerade src-address=192.168.1.0/24
dst-address=!192.168.1.1 log=no log-prefix=""
Without the "(needed for VPN clients!)" rule enabled, the VPN client connects to the router, and I can ping the router and WebCfg the router, but I cannot get BEYOND the router to computers/printers etc. that are connected to that router.
I'm trying to figure out why I would need that rule and how I came upon it. I'm sure when I was doing this the first time I must have googled it (should have copied the http for the comment) and found that it worked.
The router's IP is 192.168.1.1. The rule seems to indicate the router should masquerade anything coming from the network behind the router, that isn't destined FOR the router.
I'm obviously a little confused and any insight would be helpful.
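Added example (editor's addition, not part of the original post and not the poster's own configuration): the same effect as the "(needed for VPN clients!)" rule, written so it only touches VPN-client traffic, plus the proxy-ARP alternative. The pool range 192.168.1.200-192.168.1.220, the bridge name bridge1 and the PPP profile name default are assumptions; substitute your own.

The reason the rule is needed: an L2TP client that receives an address out of the LAN subnet is not attached to the LAN bridge, so when a LAN host tries to answer it, the host ARPs for the client's 192.168.1.x address and nobody replies. Masquerading the client's packets to the router's own address makes the LAN host reply to the router, which then routes the reply back down the tunnel. Pinging the router itself works without the rule because packets addressed to the router go to the input chain and never reach srcnat; for the same reason the dst-address=!192.168.1.1 condition in the original rule never matches anything and can be dropped.

```routeros
# Added example; assumes the L2TP pool is 192.168.1.200-192.168.1.220,
# the LAN bridge is named bridge1, and the PPP profile is named "default".
/ip pool
add name=vpn-pool ranges=192.168.1.200-192.168.1.220

/ppp profile
set default local-address=192.168.1.1 remote-address=vpn-pool

# Option A: the masquerade rule narrowed to the VPN pool and to traffic
# leaving on the LAN bridge. LAN-to-WAN traffic is still handled by the
# existing out-interface-list=WAN rule and is no longer touched here.
/ip firewall nat
add chain=srcnat src-address=192.168.1.200-192.168.1.220 out-interface=bridge1 action=masquerade comment="VPN clients -> LAN (reply via router address)"

# Option B (alternative, no extra NAT): have the router answer ARP on the
# LAN for the VPN clients' addresses, so LAN hosts reach them directly.
# With this set the rule in option A is unnecessary.
/interface bridge
set bridge1 arp=proxy-arp
```

With option B, the VPN clients appear on the LAN with their own addresses, which keeps LAN-side logs and firewall rules able to tell one client from another; with option A every VPN client shows up on the LAN as 192.168.1.1.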