I'm doing a small hobby project for which I need external Internet user to connect to my device which is inside home VPN.
First of all, sorry for my ignorance, I am not a network administrator in any stretch of imagination, this is not my domain. For that reason, it is very hard for me to simply "look at the man page" or "look at the forum example" because I do not know what to look for. For the same reason, anything I write (or draw) might be wrongly worded or even fundamentally wrong. Apologies for that in advance.
So this is my network topology:
My use-case is that I want random user (on the left) to be able to access HTTP server running on the mobile phone (right). This user will not be part of the VPN.
Mobile phone with web server is connected to the Internet over 3G. It has OpenVPN Connect installed and is successfully joining the VPN network hosted on the home server (middle). For that I had to set up port forwarding on home router (ISP provided) so that phone can reach VPN server (port 1194 -> 192.168.1.10:1194). I can successfully access http server from home server by using 10.8.0.2:8080.
The problem (and a question) arises when user on the left needs to access my http server on the right. I can not access it by its telecom assigned IP because it is private IP behind the telecom router. On the other hand, if I would like to access it with its VPN IP then my issue is how to do port forwarding on home router because as I understand it, my home router is not aware of the VPN and I can't just set up forwarding to VPN IP inside my VPN network (e.g. Port 8080 -> 10.8.0.2:8080). Even if that would work, my home router allows me to have only one LAN subnet (192.168.1.x). I tried to configure my VPN to run on the same subnet but it still didn't work and even my local network started to break (as I understand it is caused by conflicting subnets).
So what I figured is that OpenVPN itself provides some configuration means for traffic forwarding (iptables and route) but this is where I get completely mindblown as those command require lots of attributes which I do not know how to interpret. I believe I would need to set up port forwarding on home router to route traffic to home server local IP (not VPN) 192.168.1.10 and from there on VPN server would somehow take over and forward the traffic to VPN client 10.8.0.2. It would also need to manage traffic translation when traffic is coming from VPN client (10.8.0.2) to home VPN server (10.8.0.1) so that traffic can successfully reach originating smartphone (user on the left).
I would really appreciate your help!
Is there any example or tutorial specific for my usecase?
Is my usecase even managable?
Do I need to attach my current config? I am not experiencing any specific issues with my config, just asking how to proceed.
