Configuring OpenVPN tunnel to bypass NAT?

In general, we decided to set up the tunnel following this article: https://habr.com/ru/post/216101/
But since I'm too lazy to get into the router, I decided to remove it from the chain and send packets directly from the VPS to the computer. For the test I took my PC (VPN client, it will be the web server), a laptop with Xubuntu (VPN server, it will play the role of the VPS) and a phone (in the role of a client).
Everything is connected to the local network of the router (192.168.0.1), i.e. all my devices are on the same network.

I did everything according to the instructions; more precisely, I built a VPN tunnel between the laptop and the computer (they can forward packets to each other) and set up iptables on the same laptop as written in the article:

For example, this is how forwarding the SSH port to one of the machines in my home network looks:
# Forward SSH port to server
iptables -t nat -A PREROUTING -d XX.XX.XX.XXX -p tcp --dport 666 -j DNAT --to-dest 192.168.1.200:22
iptables -t nat -A POSTROUTING -d 192.168.1.200 -p tcp --dport 22 -j SNAT --to-source 10.9.8.1

For my situation I have this option:
iptables -t nat -A PREROUTING -d 192.168.0.180 -p tcp --dport 80 -j DNAT --to-dest 192.168.1.154:80
iptables -t nat -A POSTROUTING -d 192.168.0.154 -p tcp --dport 80 -j SNAT --to-source 10.9.8.1

192.168.0.180 - laptop
192.168.0.154 - computer
Everything happens on port 80

I started the tunnel and a web server on my PC and tried to connect from the phone to the laptop by IP address and port, 192.168.0.180:80, but that did not work. What could be the problem?
Do I need to make any adjustments on the computer? The laptop and the PC communicate with each other fine over the VPN, but the laptop does not let the phone through to my computer.
March 19th 20 at 08:35
2 answers
March 19th 20 at 08:37
The laptop acts as a gateway, so do this on the laptop:
http://xgu.ru/wiki/Форвардинг
If that does not help, run traceroute 192.168.0.180 from the phone (install a terminal on the phone for this, if you haven't yet) and post the trace result here.
Enabling forwarding did not help; a second laptop will show up soon, and I'll run the trace - Rubie.Klocko commented on March 19th 20 at 08:40
Then again, what is the point of the trace, if the redirection happens on a request to TCP port 80?
In general, I opened Wireshark on the laptop and on the computer and found an interesting picture: the packets from my phone are forwarded to the computer, but nothing seems to come back from the computer, and on the laptop I cannot see the computer trying to send anything. Apparently the computer, instead of sending the response through the VPN tunnel, is trying to send it the standard way.
How can I fix this? Windows 7

Wireshark output from the computer: yEPyLK7.png

Wireshark output from the laptop: -jJ7LOa0M-c.jpg - Rubie.Klocko commented on March 19th 20 at 08:43
March 19th 20 at 08:39
As far as I understand, the setup in this article does not require the clients to see each other, so that is not there. By default, clients do not see each other.

In the config of the VPN server, add the line: client-to-client

Neither the article's setup nor yours requires additional NAT settings, because NAT will pass client requests by default, and the corresponding responses from the server as well.
I would also set keepalive and authentication keys.
keepalive is needed not only to detect connection faults, but also so that NAT "doesn't forget" the connection.

The article is not very good, IMHO.
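
The DNAT/SNAT pair from the question, traced for a single packet (an added example, not part of the original thread): the posted DNAT rule rewrites the destination to 192.168.1.154 while the posted SNAT rule matches 192.168.0.154, and POSTROUTING compares against the already rewritten destination. The phone address 192.168.0.50 and all function names are assumptions; the page does not settle which of the two .154 addresses is the PC's real one.

```python
import shlex

# The rule pair from the question, in valid iptables syntax.
POSTED = """\
iptables -t nat -A PREROUTING -d 192.168.0.180 -p tcp --dport 80 -j DNAT --to-dest 192.168.1.154:80
iptables -t nat -A POSTROUTING -d 192.168.0.154 -p tcp --dport 80 -j SNAT --to-source 10.9.8.1
"""
PHONE = "192.168.0.50"  # constructed client address, not from the page

def parse_rules(text):
    """Parse 'iptables -t nat -A CHAIN ...' lines into dicts of option -> value."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        rules.append({tok[i]: tok[i + 1] for i in range(1, len(tok) - 1)
                      if tok[i].startswith("-")})
    return rules

def matches(rule, chain, target, dst, dport):
    """True if the rule sits in `chain`, jumps to `target` and matches dst:dport."""
    return (rule.get("-A") == chain and rule.get("-j") == target
            and rule.get("-d") == dst and rule.get("--dport") == str(dport))

def translate(text, src, dst, dport):
    """Return (src, dst, dport) of the packet as the backend host receives it.

    PREROUTING (DNAT) is applied before POSTROUTING (SNAT), so the SNAT rule
    is compared against the destination that DNAT has already rewritten.
    """
    rules = parse_rules(text)
    for r in rules:
        if matches(r, "PREROUTING", "DNAT", dst, dport):
            dst, port = r["--to-dest"].rsplit(":", 1)
            dport = int(port)
            break
    for r in rules:
        if matches(r, "POSTROUTING", "SNAT", dst, dport):
            src = r["--to-source"]
            break
    return src, dst, dport

if __name__ == "__main__":
    # As posted: SNAT never matches, so the backend sees the phone's own address
    # and answers according to its own routing table, not back via 10.9.8.1.
    print(translate(POSTED, PHONE, "192.168.0.180", 80))
    # Same pair with the SNAT match set to the address DNAT rewrites to.
    aligned = POSTED.replace("-d 192.168.0.154", "-d 192.168.1.154")
    print(translate(aligned, PHONE, "192.168.0.180", 80))
```

Whichever address the web server really has, it must appear both as the DNAT target and as the `-d` match of the SNAT rule for the source rewrite to take effect.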
