So I am trying to see if this is possible or not and if it is then how to do it.
I have a VPN server doing L2TP connections. Each remote connection is another Mikrotik. I can manage the tiks remotely when connected to the main VPN server network.
However, I want to be able to manage these tiks behind the VPN from an off-site computer. So I have tried port forwarding with no luck:
chain=dstnat action=dst-nat to-addresses=192.168.220.2 to-ports=80 protocol=tcp dst-port=60050
Please advise.
Make sure there are no addresses defined in /ip services for port 80.
No port 80 defined in ip services. Is there anything special I need to do for it to go over the VPN from an external address?
dst-nat rules do not change the source IP in a packet. So when your packet gets forwarded down the VPN to the next Mikrotik, that Mikrotik will reply directly to your PC over the internet. Your PC will drop that packet because it’s expecting the response to come from the first Mikrotik’s public IP.
You would need a complex set of firewall rules to achieve what you want. If your PC has a dynamic public IP, then I can’t even think of how it would work with firewall/nat rules.
It’s much simpler to connect your PC to the main server via VPN to access remote Mikrotiks.
Or use DDNS to track the public IPs of the remote Mikrotiks and connect to them directly to manage them.
Thanks Van9018, that's what I was afraid of.
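
The return-path problem described in the dst-nat reply above, as a small added model (not code from any poster in this thread). It tracks the rewritten tuples and checks whether the PC's TCP stack would accept the reply. All addresses except 192.168.220.2 and ports 60050/80 are constructed, and the remote router is assumed to masquerade traffic leaving its own WAN.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges); only 192.168.220.2 and
# ports 60050/80 come from the thread. REMOTE_WAN is an assumed public IP.
CLIENT, SERVER_PUB, REMOTE_WAN = "198.51.100.10", "203.0.113.1", "203.0.113.77"
REMOTE_TUN = "192.168.220.2"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reversed(self):
        return Packet(self.dst, self.dport, self.src, self.sport)

class VpnServer:
    """Models only the thread's rule: dst-port 60050 -> 192.168.220.2:80."""
    def __init__(self):
        self.conntrack = {}  # expected reply tuple -> reply as the client must see it

    def dst_nat(self, pkt):
        out = replace(pkt, dst=REMOTE_TUN, dport=80)  # source is left untouched
        self.conntrack[out.reversed()] = pkt.reversed()
        return out

    def un_nat(self, reply):
        return self.conntrack[reply]  # only possible if the reply passes through here

def client_accepts(sent, reply):
    # The PC only has a connection to SERVER_PUB:60050; anything else is dropped.
    return reply == sent.reversed()

def simulate(return_via_server):
    server = VpnServer()
    sent = Packet(CLIENT, 40000, SERVER_PUB, 60050)
    reply = server.dst_nat(sent).reversed()      # remote answers the source it saw
    if return_via_server:
        reply = server.un_nat(reply)             # conntrack restores SERVER_PUB:60050
    else:
        reply = replace(reply, src=REMOTE_WAN)   # assumed: masqueraded on remote's own WAN
    return reply, client_accepts(sent, reply)

if __name__ == "__main__":
    for via in (False, True):
        reply, ok = simulate(via)
        print("via server" if via else "direct", reply, "accepted" if ok else "dropped")
```

The reply is only accepted when it travels back through the router that performed the dst-nat, which is what happens when the PC itself is on the VPN.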