Sat Apr 19, 2014 8:56 pm
Hi,
yes, you can.
Once you set up the VPN link, site A and site B have private IP addresses (for example, router A has 172.16.0.1 and router B has 172.16.0.2 on the VPN interface). Router B has another network with the server (for example, network 192.168.2.0/24, router B has the 192.168.2.1/24 address and the server has the 192.168.2.100/24 IP address). Router A gets a public IP address (for example 1.2.3.4).
Then you need to set up NATing and routing:
Router A:
# 1.2.3.4 = router A public IP, 192.168.2.100 = server private IP address
/ip firewall nat add chain=dstnat dst-address=1.2.3.4 action=dst-nat to-addresses=192.168.2.100
changes (nats) public IP address to private address
# 192.168.2.0/24 = router B network where the server is, 172.16.0.2 = VPN interface IP of router B
/ip route add dst-address=192.168.2.0/24 gateway=172.16.0.2
routes traffic with destination address of router B to router B
Router B:
# 192.168.2.100 = server private IP
/ip firewall mangle add chain=prerouting src-address=192.168.2.100 dst-address!= action=mark-routing new-routing-mark=fromserver
marks traffic from server so it can be routed back to router A
# 172.16.0.1 = VPN interface IP of router A
/ip route add dst-address=0.0.0.0/0 routing-mark=fromserver gateway=172.16.0.1
routes marked traffic from server to router A
This should do the trick. Replace the example IP addresses with yours. You must not route all traffic from router B to router A's VPN IP, because the VPN tunneling packets would be trying to get to router A via the tunnel (themselves), which is not possible. Therefore you mark only what is going from the server and set the default gateway to router A for marked traffic so it goes back the same way it arrived.
I hope this was helpful.
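
The routing decision on router B described in the post, modelled in Python as an added example (not part of the original post and not RouterOS code): it looks up the next hop for the server's replies and for the tunnel's own carrier packets, both under the posted configuration and under a default route that sends everything into the VPN. The ISP gateway 203.0.113.1, router B's WAN address 203.0.113.2 and the client 198.51.100.7 are constructed values, and the mangle rule is modelled as matching on the source address only.

```python
import ipaddress

# Addresses from the post; WAN_GW_B, ROUTER_B_WAN and CLIENT are constructed for this example.
SERVER, ROUTER_A_PUBLIC = "192.168.2.100", "1.2.3.4"
VPN_A = "172.16.0.1"
WAN_GW_B, ROUTER_B_WAN, CLIENT = "203.0.113.1", "203.0.113.2", "198.51.100.7"

def routing_mark(src, mangle, forwarded):
    """Prerouting mangle only sees forwarded packets, not ones router B creates itself."""
    if forwarded:
        for match_src, mark in mangle:
            if src == match_src:
                return mark
    return None

def next_hop(src, dst, routes, mangle, forwarded=True):
    """Pick the gateway: marked table first, then main table, longest prefix wins."""
    mark = routing_mark(src, mangle, forwarded)
    addr = ipaddress.ip_address(dst)
    for table in ([mark, None] if mark else [None]):
        hits = [(ipaddress.ip_network(net), gw) for net, m, gw in routes
                if m == table and addr in ipaddress.ip_network(net)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

MANGLE = [(SERVER, "fromserver")]
# Router B as configured in the post: main default stays on the ISP, marked default uses the tunnel.
ROUTES_POST = [("0.0.0.0/0", None, WAN_GW_B), ("0.0.0.0/0", "fromserver", VPN_A)]
# The configuration the post warns against: everything defaults into the tunnel.
ROUTES_ALL_VIA_VPN = [("0.0.0.0/0", None, VPN_A)]

def scenarios():
    return {
        # Reply from the server goes back through router A, which undoes the dst-nat.
        "reply_marked": next_hop(SERVER, CLIENT, ROUTES_POST, MANGLE),
        # Without the mangle rule the reply leaves via B's ISP and bypasses router A.
        "reply_unmarked": next_hop(SERVER, CLIENT, ROUTES_POST, []),
        # Tunnel carrier packets from router B itself still reach A over the Internet.
        "carrier_ok": next_hop(ROUTER_B_WAN, ROUTER_A_PUBLIC, ROUTES_POST, MANGLE, forwarded=False),
        # With a tunnel-only default, the carrier packets are sent into the tunnel they carry.
        "carrier_loop": next_hop(ROUTER_B_WAN, ROUTER_A_PUBLIC, ROUTES_ALL_VIA_VPN, MANGLE, forwarded=False),
    }

if __name__ == "__main__":
    for name, gw in scenarios().items():
        print(f"{name:15} -> {gw}")
```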