Your solution is correct.
What likely happens, when remote subnet is set to 0.0.0.0/0, is that any packet entering RUT's LAN is immediately encapsulated with IPsec headers and attempted to forward through the IPsec tunnel.
This is resolved, when LAN is set as a passthrough interface.
Alternatively, in RUT IPsec configuration you could simply enable Default route option. This should also equivalent to 0.0.0.0/0 as a remote subnet and LAN set as passthrough interface.