Yep, it workedIf you only want the roaming client to be able to connect to devices in 192.168.20.0/24 and not vice versa (i.e. you don't need that those devices could actively initiate connections to the roaming client), /ip/firewall/nat/add src-address=172.16.10.2 dst-address=192.168.20.0/24 action=masquerade should do the trick. With this rule in place, the hosts in 192.168.20.0/24 will see the incoming connections from the roaming client as if they were initiated by the router itself so they won't need a route to 172.16.10.2.
Thanks all
Statistics: Posted by noxxsan — Mon Dec 04, 2023 12:02 am