VPS + VPN + source IP forwarding

Here is the situation.

I have successfully set up an OpenVPN server on a VPS (IP: 1.1.1.1). I have then connected my MikroTik to that server as a client (WAN: 2.2.2.2, LAN: 10.10.10.0/24, Client VPN IP: 10.8.0.101). I have also set up port forwarding on the VPS, so when you connect to 1.1.1.1:2502 you are actually connecting to my server in the LAN (IP: 10.10.10.5) on port 2502. OpenVPN knows the routes, so there are the following rules in iptables:

*nat
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 2502 -j DNAT --to-destination 10.10.10.5:2502
-A POSTROUTING -d 10.10.10.5/32 -p tcp -m tcp --dport 2502 -j SNAT --to-source 10.8.0.1

I found this one on the following site: https://ubuntuforums.org/showthread.php?t=2319289

There is also a masquerade rule set up to allow using OpenVPN to connect to specific IPs on the Internet.

-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

On MikroTik I have:

/ip firewall nat
add action=masquerade chain=srcnat comment="Maskarada WAN" out-interface-list=WAN to-addresses=0.0.0.0/0

/interface list
add name=WAN

/interface list member
add interface=BrokNET list=WAN
add interface=OVPN list=WAN

What is the problem?
The problem is that on my local server 10.10.10.5 all clients connected to that server show their source IP as the IP of the OpenVPN server (10.8.0.1) instead of the real ones. I have already tried to change the masquerade rule in iptables to:

iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to-source 1.1.1.1

but it didn’t help. I also tried to do the same with the masquerade rule on the MikroTik and changed it to:

/ip firewall nat
add action=src-nat chain=srcnat comment="Maskarada WAN" src-address=10.10.10.0/24 to-addresses=10.8.0.101

but this didn’t help either.

I will appreciate any help.

Thanks in advance.

I am still trying to find a solution for that, and I was just thinking about setting up a PPPoE server on the VPS and redirecting the public IP of the VPS to my router (actually I need only like 1 TCP port with that IP). Do you think that would be possible? But what about other clients connecting to OpenVPN running on that VPS? Would they be able to connect to that VPN? Please don’t laugh, I am just thinking aloud.

No one?

80 views and nothing?

up up up
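
Added example (not part of the original thread): a small Python model of the VPS nat rules quoted in the first post, showing which source address 10.10.10.5 sees for a new connection with and without the SNAT rule. The client address 203.0.113.7 and the tunnel interface name tun0 are assumptions made for the illustration.

```python
import ipaddress

# nat-table rules from the post (VPS side), in iptables-save form.
RULES = """\
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 2502 -j DNAT --to-destination 10.10.10.5:2502
-A POSTROUTING -d 10.10.10.5/32 -p tcp -m tcp --dport 2502 -j SNAT --to-source 10.8.0.1
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
"""

def parse(text):
    """Each rule here is a flat run of 'flag value' pairs (no '!' negation)."""
    return [dict(zip(t[0::2], t[1::2])) for t in (l.split() for l in text.splitlines()) if t]

def matches(rule, pkt, out_iface):
    """True if every match option the rule carries fits the packet."""
    for flag, field in (("-s", "src"), ("-d", "dst")):
        if flag in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[flag]):
            return False
    if rule.get("-p", pkt["proto"]) != pkt["proto"]:
        return False
    if int(rule.get("--dport", pkt["dport"])) != pkt["dport"]:
        return False
    return rule.get("-o", out_iface) == out_iface

def backend_view(pkt, rules, out_iface="tun0", iface_addr="10.8.0.1"):
    """First matching PREROUTING rule, then first matching POSTROUTING rule,
    which is how the nat table treats the first packet of a connection.
    out_iface="tun0" is an assumed name for the OpenVPN interface."""
    pkt = dict(pkt)
    for chain in ("PREROUTING", "POSTROUTING"):
        for rule in rules:
            if rule["-A"] != chain or not matches(rule, pkt, out_iface):
                continue
            if rule["-j"] == "DNAT":
                addr, _, port = rule["--to-destination"].partition(":")
                pkt["dst"], pkt["dport"] = addr, int(port or pkt["dport"])
            elif rule["-j"] == "SNAT":
                pkt["src"] = rule["--to-source"]
            elif rule["-j"] == "MASQUERADE":
                pkt["src"] = iface_addr  # address of the outgoing interface
            break
    return pkt

# Constructed sample: a client at a documentation address connecting to the VPS.
CLIENT = {"src": "203.0.113.7", "dst": "1.1.1.1", "dport": 2502, "proto": "tcp"}

if __name__ == "__main__":
    rules = parse(RULES)
    print("as posted:   ", backend_view(CLIENT, rules))
    no_snat = [r for r in rules if r["-j"] != "SNAT"]
    print("without SNAT:", backend_view(CLIENT, no_snat))
```

With the rules as posted the backend sees 10.8.0.1; with the SNAT rule left out it sees the client address, and replies from 10.10.10.5 then have to travel back through the tunnel so the VPS can reverse the DNAT.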