It turned out that the IPSEC policy was wrong. I used the range of the local LAN addresses as src address (as per AWS instructions) but apparently this caused traffic to !LAN to get dropped.
Now it's working fine.
After finding this topic: viewtopic.php?t=97626 I tried configuring the VPN connection using static routes (both sides).
The tunnel is working again but still, routing packets to the default route doesn't work.
By looking at the packet flow diagram I have narrowed down the issue to the route lookup. I see the packets passing by in the dst-nat chain but they don't appear in the mangle input or mangle forward processing. So routing of the packets is going wrong somehow. Does it make a difference that these p...
Hello, I have set up a VPC (virtual private cloud) on Amazon with a site-to-site VPN connection to our office using IPSEC and BGP. I have an RB3011 in our office to do this. This is all working: I can access EC2 instances inside the VPC from the office LAN and vice-versa. Now, I want to be able to u...
This was due to the bridge being active inside the WAP, after manually reconfiguring the device to CAPS. When you do a reset of the device into CAPS mode, this bridge is disabled.
Thanks for all the pointers.
Hello, I have a simple setup with the RB3011 mostly in its default configuration. Attached to it is a WAP configured as CAP device. Added one bridge for guest network, "bridge-guest". There are configurations for CAPsMAN, one for the 2.4GHz and one for the 5GHz. I can configure the 5GHz in...