Hey,
I have a router located in point A and another router in point B.
Router A is the main one, and B is from another PoP.
Router A and router B are connected with an SSTP VPN.
The problem starts because I was masquerading the traffic on router B with the following NAT rule:
add action=masquerade chain=srcnat disabled=yes out-interface=RouterA
Using this will send packets with the SSTP local VPN IP address instead of the originating IP address from the LAN of router B. In the case of affected machines that would send packets to router A, I will not be able to trace exactly which machine is affected, since I will see the IP address of the SSTP account and not the originating one.
If I disable the NAT masquerade rule, I will not be able to access the web servers from router A.
What firewall rule should I use?
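
Added example, not part of the original post: a routed (no-NAT) layout that keeps router B's LAN source addresses visible on router A, plus a log rule that records them. Assumptions: router A is the SSTP server, the web servers became unreachable only because router A had no return route to router B's LAN, and the subnet 192.168.88.0/24, the PPP user "routerB" and the interface name "sstp-routerB" are constructed placeholders.

```routeros
# --- Router B (SSTP client; "RouterA" is the out-interface named in the post) ---
# Leave the masquerade rule disabled so LAN source addresses cross the tunnel unchanged.
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=RouterA

# --- Router A (assumed SSTP server) ---
# Static binding gives the tunnel from router B a fixed interface name
# ("routerB" is a placeholder for the PPP secret that router B logs in with).
/interface sstp-server
add name=sstp-routerB user=routerB

# Return route to router B's LAN (placeholder subnet), so replies from the
# web servers are sent back through the tunnel instead of being dropped.
/ip route
add dst-address=192.168.88.0/24 gateway=sstp-routerB

# Log each new connection arriving from router B's LAN with its real source address.
# Move this rule above any accept rule in the forward chain, otherwise it never matches.
/ip firewall filter
add chain=forward action=log connection-state=new in-interface=sstp-routerB \
    src-address=192.168.88.0/24 log-prefix="from-PoP-B"
```

The web servers must also send traffic for 192.168.88.0/24 back via router A, which is already the case if router A is their default gateway.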