My Mikrotik roter has LAN ip range : 192.168.0.0/24
My router connects to een vpn server. My router has client vpn ip address 192168.200.2
The VPN server has ip address 192.168.200.1
An other vpn client has ip address 192.168.200.4

From my Mikrotik router I can ping 192.168.200.1 and 192.168.200.4
But the clients behind the Mikrotik router can ping 192.168.200.1 but cannot ping 192.168.200.4

My firewall is not the problem. Even with the firewall accept all (inbound outbound and forward) it doesn't work.

Ping from my vpn server to 192.168.200.2 and 192.168.200.4 works fine.
Ping to 192.168.0.0/24 works fine too.

Does anyone has an idea ?

The other side doesn't know your internal network, to resolve you need to setup src natting on your vpn interface (src-nat or masq)

I did that.

But why can my router ping 192.168.200.1 (vpn server)
And my vpn server kan ping my pc on lan 192.168.0.2

for masq, out interface should be the vpn interface not ether1
don't use srcaddress list on the rule & just nat all going out over vpn -> less potential for issues

Hi,

thx but
when I use this one : I can ping 192.168.200.1

But my internet connection for the clients 192.168.0.0./24 don't work anymore.

How can I make 2 src nat rules ?

I think I found it. Is this correct ?

don't see/have the details, but vpn needs to be src-nat, and if your internet uplink probably as well, so in that sense it might be