I have a scenario like in picture:



R1 has public IP and is configured as L2TP Server! R2 have just internet over nat and is configured as L2TP client! Both routers have full routing table to know each-other routes. R2 has a CCTV system connected. I can access this system from R1 LAN. Also there are some other routers connected to R1 with L2TP and have routes to go to R2, from their LAN I can access CCTV system to!

But I want to access this system from WAN side, so created a portforward role to R1 from WAN IP to CCTV system IP I can see traffic pass router but cannot access CCTV System

Any mind if it should work...

If you configure everything properly, it should work. The main part is making sure that R2 routes response packets from CCTV back to R1 via tunnel, and doesn't try to send them directly to client's address. So mark incoming connections from tunnel and then mark routing for replies to go back to tunnel.

You might have to do some src NATing on R1 side for WAN client in order for other side to return packets via R1

Or that. But unless R2 is something limited (so not with RouterOS or any other advanced enough system), it can be done without it.

Just got it! Have to create a mangle rule to routing mark traffic of my camera and set a default route for this marked traffic and set as exit interface my vpn interface!