I'd like to connect a Linux client using Microsoft Remote Desktop Protocol (RDP) at the 1st remote location to a Windows machine at a 2nd remote location over a Mikrotik VPN at at 3rd location. Therefore, all three have different public facing IP's.

Due to legacy concerns and cross-OS compatibility, I use a hAP ac² on RouterOS v6.49.10 with L2TP-IPSec VPN. Both remote clients can connect into the hAP ac2 router successfully, and both can remote desktop into clients within the LAN network at the 3rd location. All clients at all 3 locations are on the same subnet 192.168.88.1/24 and use split-tunnel on my remote clients to connect to local resources at the router's location.

My issue is that client at 1st location cannot RDP to client at 2nd location. Are there any good solutions?

Thank you.

bump

Explanation is a bit weird, why would I involve a third site and not direct site to site for the two devices as you say they have three different facing IPs.
In other words a diagram will help and much clearer full explanation.
Does each site have an MT router etc....

Sorry about the lack of clarity or its convoluted nature -- linking a sketch: https://ibb.co/4Tm1N8P. I want to communicate from location 1 to location 3 via a Mikrotik L2TP-IPSec VPN.

I have set up split-tunneling at Locations 1 & 2 so that everything on 192.168.88.0/24 goes to the Mikrotik. Location 1 computer (192.168.88.101) can RDP to Location 3 computer (192.168.88.103). Similarly with laptop at Location 2 (192.168.88.102) into Location 3.

Hmm was going to suggest wireguard but your stuck vers6, firmware.. Gluck.

Such a bummer, if I am really without an option.

Since I can RDP from the cloud into the LAN network, isn’t it a matter of adjusting firewall and/or port settings?

This is a bit (lot) of a hack. (Hopefully temporary until you determine what the underlying issue is)

You could possibly source nat traffic from site 1 towards site 2 with the mikrotik at site 3 so it looks to be coming from site 3 (probably from
the mikrotik's IP Address).

Need to make sure first that traffic from site 1 towards site 2 actually gets to the mikrotik.
If not might also need to use dst-nat. (eg. site 1 connects to 3389 on Mikrotik's IP, which port forwards it to Site 2's IP which sees it coming from Mikrotik's IP)

I can administer the Mikrotik router (on 192.168.88.1) from afar over VPN, so I am getting in. I don’t know how to assign a static LAN IP to the two remote locations getting a VPN connection, so that affects perhaps some the solution you suggest.

One thing of note is some weirdness (my ignorance) in understanding why the VPN connections get assigned the same IP address as the router and simultaneously a unique LAN IP. I need to take a screenshot and upload to here. Maybe that both remote locations have 192.168.88.1 being routed to them (somehow) could be the source of the problem/conflict.