Problem with OPENVPN and mangle

Hello!

I have a little problem which I don't know how to solve.
I have created OPENVPN and client connection and that part is working fine.
When the mangle rule to route traffic over the cable modem is enabled, the VPN client can't see the NAS.
Router ip: 192.168.32.1, NAS 192.168.32.3 port 6541
Client over VPN 192.168.32.44
DDNS is noip…

There are two WAN connections: pppoe VDSL, and DHCP cable.

Routes
dst. address 0.0.0.0/0, gateway VDSL, distance 1, routing mark to_vdsl
dst. address 0.0.0.0/0, gateway VDSL, distance 2
dst. address 0.0.0.0/0, gateway cable, distance 1, routing mark to_cable
dst. address 0.0.0.0/0, gateway cable, distance 1

NAT
srcnat, src. address 192.168.32.44, dst. address !192.168.32.44, action: masquerade
srcnat, src. address 192.168.32.3, out. interface cable modem, action: masquerade

MANGLE
chain: prerouting, src. address 192.168.32.3, in. interface:lan bridge, action: mark routing, new routing mark to_cable

When the mangle rule is disabled everything is working fine; when it is enabled the NAS is no longer available over the VPN. Where is the problem?

Thx in advance

As you have guessed, on that mangling: you’re forcing all routed replies from the NAS to egress via cable modem.

Mangle and routing manipulation needs careful settings, considering all possible scenarios; otherwise (as you experienced) routing breaks in unpredictable ways.

You cannot just blindly force outgoing traffic to go towards an arbitrary WAN on a dual WAN scenario; internal outgoing connections are not the same as replies to previously ingress traffic. You need to make sure instead that traffic entering by a given WAN gets any replies through the same one.

In your specific scenario, traffic enters via VPN towards the NAS, but its replies are forced through cable WAN, whereas it should be left alone so that it returns via VPN. If cable WAN goes offline, NAS initiated traffic towards internet will also break.

Have a look at Tomas Kirnak’s Load Balance / Mangle Deep Dive presentation to get a good understanding.

As pukkita pointed out, that presentation is very good for your problem.

You need to isolate the traffic from lan to vpn and not pass it through your mangle rules.
Easiest way: mangle - prerouting src lan class - dst vpn class, set to accept.
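
The two replies above describe the same two fixes: exempt LAN-to-VPN traffic from policy routing, and make replies leave through the WAN the connection came in on. The RouterOS configuration below is an added example written for this thread, not configuration posted by any participant. The addresses and the routing marks `to_vdsl` / `to_cable` come from the original post; the interface names `bridge-lan`, `pppoe-vdsl` and `ether2-cable`, the address-list name `vpn-clients` and the connection-mark names are assumptions and must be adjusted to the router. Rule order matters: mangle prerouting is evaluated top to bottom and `action=accept` stops further mangle processing for that packet.

```routeros
# Added example for this thread, not from the original poster's router.
# Assumed interface names: bridge-lan (LAN bridge), pppoe-vdsl (VDSL PPPoE client),
# ether2-cable (cable modem DHCP client). Addresses and routing marks are from the thread.

# Addresses handed out to OpenVPN clients (192.168.32.44 is the client from the thread;
# add the whole VPN pool here if it differs from the LAN subnet).
/ip firewall address-list
add list=vpn-clients address=192.168.32.44 comment="OpenVPN client addresses (assumed pool)"

/ip firewall mangle
# 1. Exception first: traffic from the NAS to VPN clients is accepted here so it never
#    reaches the mark-routing rule below and is routed by the main table, i.e. back
#    over the VPN tunnel. This is the "src lan, dst vpn, action accept" rule.
add chain=prerouting in-interface=bridge-lan src-address=192.168.32.3 \
    dst-address-list=vpn-clients action=accept \
    comment="NAS -> VPN clients: do not policy-route"

# 2. Remember which WAN a connection entered on, so replies from the LAN leave
#    through the same WAN instead of being forced to the cable modem.
add chain=prerouting in-interface=pppoe-vdsl connection-mark=no-mark \
    action=mark-connection new-connection-mark=conn_vdsl passthrough=yes
add chain=prerouting in-interface=ether2-cable connection-mark=no-mark \
    action=mark-connection new-connection-mark=conn_cable passthrough=yes
add chain=prerouting in-interface=bridge-lan connection-mark=conn_vdsl \
    action=mark-routing new-routing-mark=to_vdsl passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=conn_cable \
    action=mark-routing new-routing-mark=to_cable passthrough=no

# 3. Only now the original rule: connections the NAS itself opens towards the
#    internet prefer the cable modem. Everything exempted above never gets here.
add chain=prerouting in-interface=bridge-lan src-address=192.168.32.3 \
    dst-address=!192.168.32.0/24 action=mark-routing new-routing-mark=to_cable \
    passthrough=no comment="NAS-initiated internet traffic via cable"
```

To check the result, open a connection from the VPN client to the NAS on port 6541 and look at `/ip firewall connection print` while it is active: the connection should carry no routing mark, while a download started by the NAS should show `to_cable`. On RouterOS v7 the marks must also exist as routing tables (`/routing table add name=to_cable fib` and the same for `to_vdsl`) before the marked routes from the original post will work.
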

Check this video; it will solve your problem. https://www.youtube.com/watch?v=AZePBBbp_5w

THNX !!!

Problem solved!!!

Hi Madox

What did you do to resolve the problem?
I have the same problem at present that I am trying to resolve.

Many Thanks
Freddy

Hi,

I have a similar problem. I created a VPN connection for privacy, which works great after creating the mangle rule, but now when I connect to my remote access VPN, clients that use the privacy VPN cannot be reached from the remote access VPN. Any suggestions to restore? It works fine if I disable the mangle rule.