OVPN Roadwarrior Webservice over RED Interface reachable

I have a mobile router with a PLC connected to it. On the PLC a web server is running on port 443.
The connection via OVPN is established and works. I can access the webserver from the green network via https.
Now I have created an A-Host in the DNS which points to a public IP on the red interface.
Ping works, DNS resolution also and the IP address is correct. From the green network I can reach the web server. This works fine
Now I created a FW rule “from red to VPN client LAN, destination NAT, destination port 443”.)
But it doesn’t seem to be that simple, does anyone have an idea how I can get this to work so that when I enter the URL in the browser somewhere, I get to the IP of the red interface and the IPFire forwards the packets to the LAN of the OVPN client?

br, Thomas