I'd like to limit access to Winbox port of my MikroTik only to:
1. LAN - no limits in Winbox port access
2. WAN - allow only to user connected using OpenVPN
I tried by using src ip range to limit access only to IP range assigned by OpenVPN but apparently firewall checks "real" user's IP (it's dynamic) not IP assigned by OpenVPN
How can I add rule to match traffic generated by OpenVPN clients and allow only them to access Winbox?