There is a local network with a server and a router running OpenWrt. There is an external VPS with a static IP. On the VPS, SoftEther VPN Server is installed and configured. At home, SoftEther VPN Bridge was set up and joined to the VPN server through a Layer 3 bridge. That is, at home I have the subnet 192.168.0.0/24, and the clients on the VPS have the subnet 192.168.1.0/24. VPS clients access the Internet through the external interface of the VPS (static IP), and clients of the local network through the ISP (dynamic IP obtained by DHCP from the ISP). Routes are defined, iptables is set up on the VPS, and the networks can see and ping each other. By connecting, for example, from my phone to the VPN server, I can reach the SMB shares and the web interfaces of Webmin, OpenMediaVault and the router in the home network.

It would seem all is well, but... The home server runs services deployed in Docker containers (fashionable, yes :)) such as qBittorrent, Nextcloud, etc., and there is no access to them. That is, from the local network I can reach them at ip_server:port_service and can even ping the container IPs (172.19.0.X, 172.21.0.X, etc.), but from the phone connected to the VPN, I cannot.
The only way to connect is to forward the port on the router (in OpenWrt); then it works by entering the IP of the router (192.168.0.1:port_service), which is not convenient, but at least works.
I am not good at system administration and iptables, so I have not been able to set up NATting so that VPN clients are full-fledged members of the LAN.
Which direction should I move in?