Hello,
I have a MikroTik RB2011UAS (head office, L2TP server) and RB951Ui-2HnD (approx. 80 in retail shops, L2TP clients).
Some of the clients do not have “white” IP addresses (using LTE dongles to access the internet).
The client establishes an L2TP tunnel to the server (all shop subnets are in 10.0.0.0/8, e.g. 10.60.7.0/24), and its subnet is accessible from PCs in the office.
So, I want to make one of the devices in a shop without a “white” IP accessible via the office “white” IP through NAT:
/ip firewall nat
add action=dst-nat chain=dstnat comment=video_6007 dst-port=7053 \
    in-interface-list=WAN log=yes protocol=tcp to-addresses=10.60.7.10 \
    to-ports=80
But I can’t access the HTTP service on the device from this VPN subnet using the office white IP.
Log record: dstnat: in:pppoe-datagroup out:(unknown 0), proto TCP (SYN), 46.211.126.235:44020->80.77.34.191:7053, len 60
It seems that it “can’t understand” the route to the IP from the VPN subnet.
Any suggestions?