Here is my setup:
MikroTik RouterOS 6.33.5
RB1100AHx2
My local LAN uses the range 192.168.0.0/24; on that LAN there is a server with the IP address 192.168.0.3, which I have set up as an OpenVPN server.
When I connect from an external system via OpenVPN, everything works fine: I can ping the systems on the local LAN and I can access all network resources.
However, my local LAN systems cannot access, or even ping, the external system that is connected via OpenVPN.
The OpenVPN address range is 172.27.224.0/20.
I have set up all the required firewall rules and routes, but it looks like I am missing something basic. Please help.
\
feb/02/2016 20:41:26 by RouterOS 6.33.5
software id = BM0F-DF12
/interface ethernet
# Port roles: ether6 -> LAN (192.168.0.0/24 per the DHCP pool below), ether3 -> LAN2 (192.168.1.0/24),
# ether1/ether2 -> WAN1/WAN2. The remaining ports are switch-grouped onto LAN or LAN2 via master-port.
set [ find default-name=ether6 ] name=LAN
set [ find default-name=ether3 ] name=LAN2
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether4 ] master-port=LAN2
set [ find default-name=ether5 ] master-port=LAN2
set [ find default-name=ether7 ] master-port=LAN
set [ find default-name=ether8 ] master-port=LAN
set [ find default-name=ether9 ] master-port=LAN
set [ find default-name=ether10 ] master-port=LAN
/ip pool
# DHCP pools. 192.168.0.1-192.168.0.24 is kept out of the LAN pool, presumably for statically
# addressed hosts such as 192.168.0.2/.3/.10, which the NAT rules further down forward to.
add name=dhcp ranges=192.168.0.25-192.168.0.254
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
# One DHCP server per LAN segment.
add address-pool=dhcp disabled=no interface=LAN name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=LAN2 name=dhcp2
/interface bridge port
# Both LAN interfaces are bridge ports. The paste shows neither the bridge name(s) they belong to
# nor an /ip address section, so the router's own LAN addresses are not visible here.
add interface=LAN
add interface=LAN2
================================================================
/ip firewall filter
# --- SSH brute-force protection for the ROUTER's own SSH (chain=input, dst-port=22) ---
# New connections to port 22 walk a source through ssh_stage1 -> ssh_stage2 -> ssh_stage3 (1 minute each);
# a fourth attempt within that window lands the source on ssh_blacklist for 1w3d and the first rule drops it.
# NOTE(review): these rules do not cover the SSH ports that the NAT section forwards to LAN hosts (8888 -> 22),
# because that traffic traverses the forward chain, not input.
# The curly quotes in comment= values are a paste artifact; RouterOS expects straight double quotes.
add action=drop chain=input comment=“drop ssh brute forcers” dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# NOTE: the next rule is wrapped across two lines in the paste; `src-address-list=ssh_stage3` belongs to it.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=
ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
# --- FTP brute-force protection for the router's own FTP service ---
# Drop anything on the ftp_blacklist; then, on the output chain, the rule with no action (default accept)
# lets up to 9 "530 Login incorrect" replies per destination per minute pass (dst-limit), and any further
# such reply adds the destination to ftp_blacklist for 3h.
add action=drop chain=input comment=“drop ftp brute forcers” dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add chain=output content=“530 Login incorrect” dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content=“530 Login incorrect” protocol=tcp
# --- Block DNS (53) and telnet (23) towards the router from both WAN uplinks ---
# NOTE(review): apart from these, the pasted filter has no catch-all drop on input from the WAN interfaces,
# no established/related accept or invalid drop, and no forward-chain rules at all, so any other router
# service and all forwarded traffic are reachable unless something not shown here restricts them.
add action=drop chain=input dst-port=53 in-interface=WAN1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=WAN1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=WAN2 protocol=udp
add action=drop chain=input dst-port=53 in-interface=WAN2 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=WAN1 protocol=udp
add action=drop chain=input dst-port=23 in-interface=WAN1 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=WAN2 protocol=udp
add action=drop chain=input dst-port=23 in-interface=WAN2 protocol=tcp
/ip firewall mangle
# Policy routing: LAN (192.168.0.0/24) -> table "other" (WAN2 default route below),
# LAN2 (192.168.1.0/24) and the "Other" address list -> table "first" (WAN1 default route below).
# NOTE(review): the first rule marks EVERY packet sourced from 192.168.0.0/24, including packets bound for the
# VPN range 172.27.224.0/20 or the other LAN. Table "other" only contains a default route in this export,
# while the 172.27.224.0/20 route at the end of the file is in the main table, so LAN -> VPN-client traffic is
# likely being sent out WAN2 instead of to 192.168.0.3. Consider excluding internal destinations from the
# mark, e.g. `dst-address=!172.27.224.0/20`, or a negated dst-address-list holding all internal prefixes.
add action=mark-routing chain=prerouting new-routing-mark=other src-address=192.168.0.0/24
# The "Other" address list is not defined in this paste; passthrough=no stops further mangle matching.
add action=mark-routing chain=prerouting new-routing-mark=first passthrough=no src-address-list=Other
add action=mark-routing chain=prerouting new-routing-mark=first src-address=192.168.1.0/24
/ip firewall nat
# Outbound: hide both LANs behind each WAN address.
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
# Inbound: OpenVPN (1194/udp) to the OpenVPN server. XXX.XX.XX.XX9 / XXX.XX.XX.XX0 are redacted public addresses.
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=1194 protocol=udp to-addresses=192.168.0.3
# NOTE(review): this rule has no protocol/port match, so ANY packet addressed to a VPN client (172.27.224.0/20)
# that passes through the router is rewritten to go to the OpenVPN server itself and never reaches the client.
# With the static route at the end of the file in place this rule looks unnecessary and likely breaks the
# LAN -> VPN-client direction; verify, then consider removing it.
add action=dst-nat chain=dstnat dst-address=172.27.224.0/20 to-addresses=192.168.0.3
# 943 udp/tcp and 443/tcp to the OpenVPN server (943 is commonly the OpenVPN Access Server web UI; confirm).
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=943 protocol=udp to-addresses=192.168.0.3
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=443 protocol=tcp to-addresses=192.168.0.3
# HTTP to a separate internal host.
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=80 protocol=tcp to-addresses=192.168.0.10
# Internet-facing SSH on 8888 forwarded to port 22 on two internal hosts (one per public address).
# NOTE(review): these go through the forward chain, so the input-chain SSH staging lists above do not
# protect them; restrict by src-address / src-address-list or add equivalent forward-chain rate limiting.
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=8888 protocol=tcp to-addresses=192.168.0.3 to-ports=22
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX0 dst-port=8888 protocol=tcp to-addresses=192.168.0.2 to-ports=22
add action=dst-nat chain=dstnat dst-address=XXX.XX.XX.XX9 dst-port=943 protocol=tcp to-addresses=192.168.0.3
# VPN clients' traffic that the router sends back out LAN is masqueraded behind the router's LAN address.
# This is consistent with VPN -> LAN working without LAN hosts needing a route for 172.27.224.0/20;
# it does nothing for the LAN -> VPN direction.
add action=masquerade chain=srcnat out-interface=LAN src-address=172.27.224.0/20
/ip route
# Marked default routes for the two policy-routing tables, plus the main-table default.
# NOTE(review): all three use the same next-hop 106.51.36.1, once via WAN2 and once via WAN1 — an
# identical gateway on two different uplinks is unusual; confirm WAN2's real gateway.
add distance=1 gateway=106.51.36.1%WAN2 routing-mark=other
add distance=1 gateway=106.51.36.1%WAN1 routing-mark=first
add distance=1 gateway=106.51.36.1
# Main-table route to the VPN clients via the OpenVPN server. Only consulted for packets without a
# routing-mark (or whose marked table has no matching route), which is why the mangle rule for
# 192.168.0.0/24 above matters.
add distance=1 dst-address=172.27.224.0/20 gateway=192.168.0.3