Sure and sorry for not giving those details in advance @anav:
- Network diagram is attached
- Mikrotik config
# dec/02/2022 19:35:41 by RouterOS 7.6
# software id = A0I5-RK7A
#
# model = RBD52G-5HacD2HnD
/interface bridge
add admin-mac=C4:AD:34:42:87:54 auto-mac=no comment=defconf name=bridge
add disabled=yes name=bridge-guest
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-XX country=no_country_set disabled=no distance=indoors \
frequency=auto frequency-mode=manual-txpower installation=indoor mode=\
ap-bridge ssid=MikroTik-428758 station-roaming=enabled wireless-protocol=\
802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=germany disabled=no distance=indoors frequency=\
auto installation=indoor mode=ap-bridge ssid=MikroTik-428758 \
station-roaming=enabled wireless-protocol=802.11
/interface wireguard
add listen-port=13231 mtu=1420 name=wg_MK
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name=bedroom supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile-guest supplicant-identity=""
/interface wireless
add keepalive-frames=disabled mac-address=C6:AD:34:42:87:58 master-interface=\
wlan1 multicast-buffering=disabled name=Kima-guest security-profile=\
profile-guest ssid=Kima_guest wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.88.4-192.168.88.254
add name=dhcp_pool1 ranges=192.168.80.2-192.168.80.7
/ip dhcp-server
add address-pool=dhcp interface=bridge name=local
add address-pool=dhcp_pool1 disabled=yes interface=bridge-guest name=\
dhcp-guest
/ppp profile
set *FFFFFFFE interface-list=LAN
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2
add bridge=bridge-guest ingress-filtering=no interface=Kima-guest
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=*12 list=LAN
add interface=wg_MK list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=192.168.100.2/32 comment="Google Pixel" interface=wg_MK \
persistent-keepalive=20s public-key=\
"Pfmi3/wQ5pWjIkEG6KsFZkedeMqqpZxf0NSkcAssMGw="
add allowed-address=192.168.100.3/32 comment="XFEL xps" interface=wg_MK \
persistent-keepalive=20s public-key=\
"4PU7dj42N+fo19sG09XRtaRR3BkfwUB+NJYUTrJBqDI="
add allowed-address=192.168.100.4/32 comment="XPS 13" endpoint-address="" \
interface=wg_MK persistent-keepalive=20s public-key=\
"isrPebjdKSYMPbkiOqXvlSc3pCcJ6JPW1i3EOrVGwUY="
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.80.1/24 disabled=yes interface=bridge-guest network=\
192.168.80.0
add address=192.168.100.1/24 comment=Wireguard interface=wg_MK network=\
192.168.100.0
/ip arp
add address=192.168.88.2 interface=bridge mac-address=EE:94:F6:E5:72:FA
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.5 client-id=\
ff:cb:39:a:c7:0:2:0:0:ab:11:f4:43:bb:8e:29:87:24:f comment=Homeserver \
mac-address=70:85:C2:81:A3:29 server=local
add address=192.168.88.93 client-id=1:b8:27:eb:12:95:c6 comment=waterpi \
mac-address=B8:27:EB:12:95:C6 server=local
add address=192.168.88.23 client-id=1:0:26:18:9c:ba:13 comment=\
"arch escritorio" mac-address=00:26:18:9C:BA:13 server=local
add address=192.168.88.7 client-id=1:54:8d:5a:75:4a:ea comment="xps xfel" \
mac-address=54:8D:5A:75:4A:EA server=local
add address=192.168.88.50 client-id=1:EE:94:F6:E5:72:FA mac-address=\
EE:94:F6:E5:72:FA server=local
add address=192.168.88.13 comment=xps13 mac-address=9C:B6:D0:D1:1E:DD server=\
local use-src-mac=yes
add address=192.168.88.26 client-id=1:b4:2e:99:d0:f5:3f comment="maria pc" \
mac-address=B4:2E:99:D0:F5:3F server=local
add address=192.168.88.111 client-id=1:b8:27:eb:ce:42:d6 comment=HyperBian \
mac-address=B8:27:EB:CE:42:D6 server=local
add address=192.168.88.8 client-id=1:a4:50:46:35:fd:39 comment=Pocophone \
mac-address=A4:50:46:35:FD:39 server=local
add address=192.168.88.12 client-id=1:82:cd:6b:6f:80:a4 comment=Pixel6 \
mac-address=82:CD:6B:6F:80:A4 server=local
/ip dhcp-server network
add address=192.168.80.0/24 gateway=192.168.80.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.99 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="allow wireguard" dst-port=13231 \
protocol=udp
add action=accept chain=input comment="allow wireguard traffic" in-interface=\
wg_MK src-address=192.168.100.0/24
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="SSH arch desktop" dst-port=5023 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.23 to-ports=22
add action=dst-nat chain=dstnat comment="HTTPS homeserver" dst-port=443 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.5 to-ports=443
add action=dst-nat chain=dstnat comment="HTTP homeserver" dst-port=80 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.5 to-ports=80
add action=dst-nat chain=dstnat comment="SSH homeserver" dst-port=5005 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.5 to-ports=22
add action=dst-nat chain=dstnat comment="SSH gitlab" dst-address-list=\
192.168.96.17 dst-port=10222 in-interface=ether1 protocol=tcp \
to-addresses=192.168.88.5 to-ports=22
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes host=192.168.88.5 interval=1m timeout=1s type=simple
- My goal is to access the services (e.g., git.elnota.space) running on the home server (elnota.space, private IP: 192.168.88.5) when I'm connected to the VPN running on Mikrotik from my laptop (private IP: 192.168.100.2) when I'm outside my Home LAN. When connected to the VPN, I can browse the web but I can't access any of the services running on the home server by using their subdomain address (e.g., git.elnota.space).
When I'm in my LAN, I can access those services without any issues. The same happens when I'm outside my LAN and not connected to the VPN from Mikrotik.
If more details are needed, please let me know
You do not have the required permissions to view the files attached to this post.