My goal is to be able to connect to private network located behind OpenVPN client (192.168.1.0/24) via OpenVPN server WAN interface.
For example I want this forwarding: http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP behind OpenVPN client }:443
Please take a look at the attached screenshot.
- Ubuntu VPS knows the route to private LAN subnet that is behind OpenVPN client (192.168.1.0/24) and MikroTik router knows the route to OpenVPN subnet (192.168.7.0/24).
- I can connect to Ubuntu VPS via SSH and successfully ping MicroTik OpenVPN interface (192.168.7.2) and also I can ping any host from MicroTik private LAN subnet that is behind OpenVPN client (192.168.1.0/24) , needless to say the private LAN hosts that are behind OpenVPN client (from 192.168.1.0/24 subnet) can easily ping Ubuntu OpenVPN interface (192.168.7.1) too.
- Also any host from OpenVPN subnet (192.168.7.0/24) if connected to OpenVPN server via OpenVPN client allows communication like http://{Ubuntu WAN IP}:443 --> http://{Private IP of OpenVPN client}:443 using UFW NAT rule.
But:
When I’m trying http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP behind OpenVPN client}:443 I have following behavior:
1) Packets successfully arrive to host behind OpenVPN client (to any host from 192.168.1.0/24 )
2) But the host of this subnet can't route back this received public IP packet via OpenVPN tunnel, it replies using MiktoTik WAN address.
I would very happy if someone is able to help me solve this incredible puzzle.
As I can guess there are several workarounds:
1) Somehow program router to send back packets with specific port (443) via OpenVPN tunnel
2) Somehow masquerade public WAN interface IP of Ubuntu VPS as private address
Any help is needed.
