Hi,
I need to do source NAT (masquerading) of the remote addresses assigned to OpenVPN clients.
That's because the MikroTik device is only used as a VPN concentrator and is NOT the default gw of the LAN.
Since I can't add a static route on every server connected to the LAN, I would like to masquerade the pool of private IPs assigned to the OpenVPN clients with the MikroTik's LAN IP.
In this way all the traffic coming from OpenVPN clients would appear to the servers as generated by the MikroTik, with no need for any extra route, since the private OpenVPN pool would be "hidden" by this NAT.
Unfortunately the src-nat rule doesn't match even if I set no filter parameter other than the source OpenVPN IP pool (the counter doesn't increment at all).
It "seems" the src-nat chain is not accessed by OpenVPN traffic, although the Packet Flow v6 states the traffic is first decapsulated to the virtual interface and then processed by the chains.
(Bridged OpenVPN (tap) is not viable.)
I would just like to src-nat 10.0.0.50-99 to 192.168.0.10 (please see the attached diagram for details).
Any hints?
TIA
Riccardo