Allow traffic from openvpn to my LAN

RouterOS Beginner Basics
1

Hi,

I have a mikrotik router as an openvpn client to a pfsense box

local LAN (192.168.1.x/24) → (192.168.1.250) Mikrotik (10.0.5.2) ↔ (10.0.5.1) Pfsense (192.168.10.1) ← Remote Lan (192.168.10.x/24)

I connect fine to pfsense and all the machines in the remote network are accessible from my local network

My problem is that the remote network cannot access my local network.

My firewall setup is the following

/ip firewall filter

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward dst-port=1194 protocol=udp
add action=accept chain=forward disabled=yes dst-port=80 protocol=tcp
add action=accept chain=forward dst-address=10.8.0.0/16 src-address-list=\
    forward_ovpn
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=WAN_INT
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1



	
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=vpn_internal \
    passthrough=yes protocol=tcp src-address=10.8.0.0/24
add action=mark-packet chain=prerouting dst-address=10.8.0.0/24 \
    new-packet-mark=vpn_internal passthrough=yes protocol=tcp
	
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=WAN_INT
add action=dst-nat chain=dstnat comment=openvpn dst-port=1194 in-interface=\
    WAN_INT protocol=udp to-addresses=192.168.1.2
add action=masquerade chain=srcnat out-interface=pfsense

How can I make my LAN accessible from the remote LAN?

Thank you

PS. I have an openvpn server in my local network also (10.8.0.x - 192.168.1.2)

2

Do devices in remote network (including Pfsense) have route to 192.168.1.0/24? If interface “pfsense” is the tunnel, masquerade rule makes all connections coming from you appear to be from 10.0.5.2, so this direction would work even without proper route on remote side.