PHP
osada, 2022-02-28 11:37:35

Request to the server from a single IP address?

A head-office and branch network of Mikrotik routers has been configured, consisting of one head Mikrotik (for example, its white IP address is 1.2.3.4) and a number of branch Mikrotiks.
Each branch Mikrotik also has its own white IP. Let's say branch #1 has the white IP 1.2.3.11, branch #2 has the white IP 1.2.3.22, etc.
The scheme is standard, configured as a “star”, i.e. in the middle of the scheme is the head 1.2.3.4, where the l2tp/IPsec server with the VPN subnet 192.168.50.1 is configured; on each branch office there is an l2tp/IPsec client, with the address 192.168.50.2, at the second branch 192.168.50.3, etc.
Accordingly, each Mikrotik has its own subnet (192.168.3x.x) with users. All the necessary subnets can see each other normally.

Task:
Now there is a question of integration with an application from a third-party developer. This application should only be accessed by a few PCs from each subnet (head and branch). For example, the IP of the PC at the first branch is 192.18.31.10, and we will test from it.
It is necessary to send requests from this branch PC to the developer's application server, and this server must see that the request came from the white IP 1.2.3.4 anyway, i.e. from the IP address of the head Mikrotik.
I.e. at the request of the developer, their application server (let's say its white IP is 7.7.7.7) should see requests from our side only from the one white IP address of the head Mikrotik, i.e. from 1.2.3.4, regardless of whether we work with this server from a branch PC or from the head.

For the test, I took 2ip.ru as an example, where you can see your white IP in real time.

Question:
If you just set up a separate route on the branch Mikrotik via IP->Routes, i.e. register on each branch:
Destination - 7.7.7.7
Gateway - 192.168.50.1
Distance - 1
then when you run the check from the branch PC (192.18.31.10) on 2ip.ru, you can see that 2ip.ru shows the IP 1.2.3.4, i.e. the head Mikrotik. At first glance, the issue seems to be resolved, but this solution needs to work only for several PCs at each branch (and not for the entire 192.168.31.x subnet). So far I don't understand how to set up such filtering for only a few PCs at each branch.

If you add the IP address 192.168.31.10 to Pref. Source in the above option, then 2ip.ru shows the white IP of the branch Mikrotik.

Please advise in which direction to dig further. If this is done through NAT, then what specific rule should be configured there?

Do I need to set up a proxy on the head office Mikrotik, for example?
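
One way to restrict the head-office route to selected PCs is policy routing with an address list, shown here as an added example that is not part of the original post. It is run on the branch #1 router and uses RouterOS v6 syntax; the names `app-clients` and `via-head` are made up for illustration, and it assumes the head Mikrotik already NATs tunnel traffic to 1.2.3.4, as the 2ip.ru test in the question indicates.

```routeros
# Added example, not from the original post. Run on the branch #1 router.
# "app-clients" and "via-head" are illustrative names (assumptions).

# 1. Allowlist of branch PCs permitted to reach the application server.
/ip firewall address-list
add list=app-clients address=192.168.31.10 comment="branch #1 test PC"

# 2. Mark routing only for traffic from allowlisted PCs to the application
#    server. Every other host in 192.168.31.x is left untouched.
/ip firewall mangle
add chain=prerouting src-address-list=app-clients dst-address=7.7.7.7 \
    action=mark-routing new-routing-mark=via-head passthrough=no \
    comment="app server via head office"

# 3. Route that applies only to marked packets; the gateway is the head's
#    VPN address. Remove the unmarked 7.7.7.7 route from the main table,
#    otherwise the whole subnet still follows it.
/ip route
add dst-address=7.7.7.7/32 gateway=192.168.50.1 routing-mark=via-head \
    distance=1

# RouterOS v7 differs: create the table first with
#   /routing table add name=via-head fib
# and put routing-table=via-head on the route instead of routing-mark.

# FastTrack bypasses mangle. If a fasttrack-connection rule exists in the
# forward chain, exclude connections to 7.7.7.7 from it.

# Check: the packet counter on the mangle rule should grow only when a
# listed PC talks to 7.7.7.7.
/ip firewall mangle print stats
```

Adding or removing a PC then means editing only the `app-clients` list on that branch; the mangle rule and the route stay the same.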


1 answer(s)
l0ser140, 2016-04-10
@l0ser140

See webserver settings, but in general this is done for security.
