I can't access devices in the local network behind an OpenVPN client using the public IP of the VPN server.
A little bit of information:
OpenVPN server (OpenVZ, Debian 7)
OpenVPN client (Raspberry Pi 2, Raspbian Jessie).
Everything works fine when I use another VPN client to access the local network behind the other client (client 1 VPN <> server VPN <> client 2 VPN). From client 2 I have access to the local network behind client 1 VPN. In the server config I set iroute etc.
The problem is when I try to access, for example, an IP camera in the local network behind client 1 using the public IP of the VPN server.
On the client side I set:
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.2 --dport 8080 -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.2.2:8080
On the server I set:
iptables -I FORWARD -i venet0 -p tcp -d 10.8.0.6 --dport 8080 -j ACCEPT
iptables -t nat -I PREROUTING -i venet0 -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.6:8080
10.8.0.6 is the Raspberry Pi 2's IP address in the VPN.
I used tcpdump to see why it won't work.
The reason is that the packets from the VPN server have a public IP as the source address. When the VPN client receives this packet with a public source IP address, it automatically responds using the WAN interface, not tun0.
Can someone help me? What should I set in iptables on the server?
PS: In the firewall on the server I have only one iptables rule:
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source PUBLICIP
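The tcpdump observation above points at the usual fix for this kind of asymmetric reply path: the server only DNATs the incoming connection, so the Pi sees the external client's public source address, and its reply to that address follows the Pi's default route out of the WAN instead of back through tun0. If the server also SNATs those forwarded packets to its own tunnel address before they leave via tun0, the Pi (and the camera) answer 10.8.0.1, which is reachable only through tun0, and the connection tracking on the server reverses both NATs on the way back. The script below is an added example, not code from the original post, that generates the server rule set in iptables-restore format. It assumes the server's tun0 address is 10.8.0.1 (the OpenVPN default for a 10.8.0.0/24 server subnet), uses 203.0.113.10 as a placeholder for the public IP, and takes the interface names, the 10.8.0.6 client address, the 192.168.2.2 camera and port 8080 from the post.

```shell
#!/bin/sh
# Added example (not the poster's configuration): generate the VPN server's
# nat and filter rules so that port PORT on the public IP is forwarded to the
# camera behind the Raspberry Pi, with the forwarded packets SNATed to the
# server's tun0 address so that replies come back through the tunnel.
# Assumptions: server tun0 is 10.8.0.1; 203.0.113.10 stands in for the real
# public IP. Override any value through the environment, e.g. PUBLIC_IP=1.2.3.4.
set -eu

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"       # placeholder for the server's public IP
WAN_IF="${WAN_IF:-venet0}"                   # server WAN interface (from the post)
SERVER_TUN_IP="${SERVER_TUN_IP:-10.8.0.1}"   # assumed server-side tun0 address
CLIENT_TUN_IP="${CLIENT_TUN_IP:-10.8.0.6}"   # Raspberry Pi's VPN address (from the post)
CAMERA_IP="${CAMERA_IP:-192.168.2.2}"        # camera behind the Pi (from the post)
PORT="${PORT:-8080}"

# nat table for the server, iptables-restore syntax.
server_nat_table() {
    cat <<EOF
*nat
# Same DNAT the post already has: public IP:$PORT -> Pi's VPN address.
-A PREROUTING -i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $CLIENT_TUN_IP:$PORT
# The missing piece: rewrite the source of the forwarded packets to the
# server's tunnel address, so the Pi routes its reply back over tun0
# instead of to the external client's public address via its WAN.
-A POSTROUTING -o tun0 -p tcp -d $CLIENT_TUN_IP --dport $PORT -j SNAT --to-source $SERVER_TUN_IP
# The post's existing rule, restricted to the WAN interface so it cannot
# rewrite traffic that is forwarded from one VPN client to another.
-A POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j SNAT --to-source $PUBLIC_IP
COMMIT
EOF
}

# filter table for the server: only the forwarding rules this flow needs.
server_filter_table() {
    cat <<EOF
*filter
# Return traffic of connections we already accepted (both directions).
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections from the Internet to the forwarded camera port only.
-A FORWARD -i $WAN_IF -o tun0 -p tcp -d $CLIENT_TUN_IP --dport $PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Rules for the Pi, for completeness: the post's two rules plus the
# return-traffic rule. The camera's reply now goes to $SERVER_TUN_IP,
# which the Pi can only reach via tun0, so no policy routing is needed.
client_tables() {
    cat <<EOF
*nat
-A PREROUTING -i tun0 -p tcp --dport $PORT -j DNAT --to-destination $CAMERA_IP:$PORT
COMMIT
*filter
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -p tcp -d $CAMERA_IP --dport $PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the generated rules; apply them on the server only when APPLY=1.
# --noflush appends to the existing chains instead of replacing them, so
# review the output first and run it once (ip_forward must be 1 on both ends).
if [ "${APPLY:-0}" = "1" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    { server_nat_table; server_filter_table; } | iptables-restore --noflush
else
    echo "# --- server ---"; server_nat_table; server_filter_table
    echo "# --- client (Raspberry Pi) ---"; client_tables
fi
```

After applying the server side, `tcpdump -ni tun0 tcp port 8080` on the Pi should show the incoming SYN with source 10.8.0.1 rather than the external client's address, and the camera's SYN/ACK leaving on tun0. The trade-off is that the camera's logs will only ever see 10.8.0.1 as the client address; if the real source address matters, the alternative is to keep the server as it is and add policy routing on the Pi (CONNMARK plus an `ip rule` that sends replies of tun0-originated connections back via tun0), which is more work but preserves the source.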