
My goal is to be able to connect to the private network located behind the OpenVPN client (192.168.1.0/24) via the OpenVPN server's WAN interface.
For example, I want this forwarding: http://{Ubuntu WAN IP}:443 → http://{Private LAN IP behind OpenVPN client}:443
Please take a look at the attached screenshot.
- The Ubuntu VPS knows the route to the private LAN subnet behind the OpenVPN client (192.168.1.0/24), and the MikroTik router knows the route to the OpenVPN subnet (192.168.7.0/24).
- I can connect to the Ubuntu VPS via SSH and successfully ping the MikroTik OpenVPN interface (192.168.7.2), and I can also ping any host in the MikroTik private LAN subnet behind the OpenVPN client (192.168.1.0/24); needless to say, the private LAN hosts behind the OpenVPN client (from the 192.168.1.0/24 subnet) can easily ping the Ubuntu OpenVPN interface (192.168.7.1) too.
- Also, for any host on the OpenVPN subnet (192.168.7.0/24) that is connected to the OpenVPN server via an OpenVPN client, forwarding like http://{Ubuntu WAN IP}:443 → http://{Private IP of OpenVPN client}:443 works using a UFW NAT rule.
But:
When I try http://{Ubuntu WAN IP}:443 → http://{Private LAN IP behind OpenVPN client}:443, I get the following behavior:
- Packets successfully arrive at the host behind the OpenVPN client (any host in 192.168.1.0/24).
- But the host in this subnet can't route the reply to this packet (which came from a public IP) back via the OpenVPN tunnel; it replies using the MikroTik WAN address.
I would be very happy if someone is able to help me solve this incredible puzzle.
As far as I can guess, there are several workarounds:
- Somehow program the router to send packets with a specific port (443) back via the OpenVPN tunnel
- Somehow masquerade the public WAN interface IP of the Ubuntu VPS as a private address
Any help is needed.
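One way to implement the second workaround on the Ubuntu VPS (DNAT on the WAN side plus SNAT to the tunnel address, so the LAN host sees 192.168.7.1 as the source and answers through the tunnel), as an added example that is not part of the original post. Assumed names not given in the question: WAN interface `eth0`, OpenVPN interface `tun0`, target host `192.168.1.10`; `<UBUNTU_WAN_IP>` is a placeholder.

```iptables
# Added to /etc/ufw/before.rules on the Ubuntu VPS, above the existing "*filter" section.
# Assumed names (not from the question): WAN interface eth0, OpenVPN interface tun0,
# target host 192.168.1.10 behind the MikroTik; <UBUNTU_WAN_IP> is a placeholder.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# 1. Forward only TCP/443 arriving on the WAN interface to the LAN host behind the VPN client.
-A PREROUTING -i eth0 -p tcp -d <UBUNTU_WAN_IP> --dport 443 -j DNAT --to-destination 192.168.1.10:443

# 2. Rewrite the source to the VPS tunnel address for exactly that forwarded traffic, so the
#    LAN host replies to 192.168.7.1 via the tunnel instead of via the MikroTik WAN link.
#    Side effect: the LAN host's logs show 192.168.7.1, not the original client address.
-A POSTROUTING -o tun0 -d 192.168.1.10 -p tcp --dport 443 -j SNAT --to-source 192.168.7.1

COMMIT
```

Forwarding itself still has to be enabled (net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf) and permitted in the filter table, e.g. `ufw route allow in on eth0 out on tun0 to 192.168.1.10 port 443 proto tcp`, followed by `ufw reload`.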