Hi @thorvaldr,
i tried it a little bit. But i can’t get your setup 100% emulated.
i have one problem with openvpn vtun0 server push-route 123.123.123.158/32
with the this route i don’t get a vpn tunnel open, because this is also the listen ip of the openvpn server.
without, i don’t need a harpin nat rule for openvpn and all worked. I get the Service behind the SNAT from openvpn client and from the client in the same subnet via the external ip.
So do you need the this push-route option?