I have a remote location using a security DVR. The internet access is being provided via a Verizon jetpack that i have associated using station pseudobridge. I have established a PPTP VPN connection that works great. I can view the DVR through the VPN from the other end without issue. Now i cant figure out how to use mobile devices to view the DVR. The Verizon Jetpack will not allow incoming connections so i im trying to do my port forwarding from the other end of the VPN to no avail. I setup the NAT rules however the forwarding is not reaching the DVR on the other end.
Are you sure about this part? Because the most likely scenario is that port-forwarded packets are reaching DVR just fine, but replies are sent via default route instead of back to VPN, and that can’t work.
Solution for that would be one of following:
a) Create new default route in different routing table (routing-mark=) with gateway being the other end of VPN. Mark incoming connections from VPN. For reply packets belonging to marked connections, mark routing to use the other default route.
b) Add masquerade rule at VPN server, to make all connections to DVR appear to be from VPN server itself. That way the client router will have no doubts where to send replies.