Hi,
Please help me understand one thing.
There is this convenient "VPN Access" checkbox in the Quick Set tab of the RB750Gr3 that preconfigures a bunch of settings for VPN access (it sets up a PPP user/password, the L2TP Server, IPsec Identities with preshared keys, even NAT rules for connections from PPP 192.168.89.0/24, as well as Firewall filtering rules for ports like 4500, 500, or 1701).
But what the quick "VPN Access" checkbox apparently does NOT set up is a rule like "add action=accept chain=input protocol=ipsec-esp", which would allow L2TP sessions to be established. Unless I add this rule before the all-denying "add action=drop chain=input in-interface-list=!LAN", I can't authenticate from my Mac over WAN.
Is this an oversight, a deliberate security feature, or am I missing something big here and, instead of trying to fix my Mac VPN issues by allowing ipsec-esp on the WAN port, I should've done something else?
Thanks!
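
The rule ordering described in the post, as an added example that is not part of the original post and not MikroTik code: a simplified first-match model of the input chain in Python. Only the ipsec-esp and drop rules are quoted from the post; the two UDP accept rules, the packet dictionaries and the one-interface-list-per-packet simplification are assumptions made for illustration.

```python
# Added example: simplified first-match evaluation of RouterOS-style filter rules.
def parse_rule(line):
    """Turn 'add action=accept chain=input protocol=ipsec-esp' into a dict."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])

def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    if rule.get("chain") != pkt["chain"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and str(pkt.get("dst-port")) not in rule["dst-port"].split(","):
        return False
    if "in-interface-list" in rule:
        want = rule["in-interface-list"]
        negated = want.startswith("!")
        hit = pkt["in-interface-list"] == want.lstrip("!")
        if hit == negated:  # '!LAN' matches only packets NOT arriving from LAN
            return False
    return True

def verdict(rules, pkt, default="accept"):
    """The first matching rule decides; rules after it are never reached."""
    for line in rules:
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["action"]
    return default  # no rule matched: the packet is accepted

# Quoted from the post.
ESP = "add action=accept chain=input protocol=ipsec-esp"
DROP = "add action=drop chain=input in-interface-list=!LAN"
# Constructed stand-ins for the Quick Set rules on the ports the post names.
BASE = [
    "add action=accept chain=input protocol=udp dst-port=500,4500",
    "add action=accept chain=input protocol=udp dst-port=1701",
]
# Constructed sample packets arriving on the WAN side.
ESP_FROM_WAN = {"chain": "input", "protocol": "ipsec-esp", "in-interface-list": "WAN"}
IKE_FROM_WAN = {"chain": "input", "protocol": "udp", "dst-port": 500,
                "in-interface-list": "WAN"}

if __name__ == "__main__":
    for name, rules in [("no ESP rule", BASE + [DROP]),
                        ("ESP before drop", BASE + [ESP, DROP]),
                        ("ESP after drop", BASE + [DROP, ESP])]:
        print(name, "->", verdict(rules, ESP_FROM_WAN))
```

In this model the IKE packet on UDP 500 is accepted in all three orderings, while the ESP packet is accepted only when the ipsec-esp rule sits above the drop rule.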