Channel: Nginx Forum - How to...

Preserving Source IP using SSL Preread + OpenVPN

Please, if anyone could help. I am trying to set up an OpenVPN server running on 443 TCP behind an Nginx 1.11.13 proxy while preserving the source IP.

I have searched long and far and my nginx.conf is currently as follows:

stream {

    map $ssl_preread_server_name $name {
        mydomain.com backend;
        default default-backend;
    }

    upstream backend {
        server 10.100.0.102:443; # Backend nginx server
    }

    upstream default-backend {
        server 192.168.1.154:443; # OpenVPN server
    }

    # Set at stream level, so it applies to every server block below
    proxy_protocol on;

    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}

Leaving proxy_protocol off (or commented out) I am able to connect to my OpenVPN server on 443 without any issues. Only problem is all forwarded requests show the IP address of this nginx server 10.100.0.102. I am unable to filter or deny requests based on IP since it's all from myself.

Upon turning proxy_protocol on I can now see all requests from source IP using real_ip_header proxy_protocol. Only problem is now OpenVPN is unable to connect due to TRANSPORT_ERROR "NETWORK_EOF_ERROR".


Does anybody know a way to allow connections to an OpenVPN server behind an Nginx proxy while preserving source IP?
Please help.
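
What `proxy_protocol on` changes on the wire, as an added example that is not part of the original post: the proxy prepends a PROXY protocol header to each upstream connection, so a backend that does not parse it receives those bytes ahead of the client's own. The sketch assumes the version 1 text header; the addresses, `CLIENT_BYTES` and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
CLIENT = ("203.0.113.7", 51514)   # real client address the proxy saw
LISTENER = ("192.0.2.10", 443)    # address the client connected to
CLIENT_BYTES = b"\x00\x0e" + b"\x38" * 14  # placeholder for the client's first bytes

def build_v1_header(src_ip, src_port, dst_ip, dst_port):
    """Build the PROXY protocol v1 line sent before any client data."""
    family = "TCP4" if ipaddress.ip_address(src_ip).version == 4 else "TCP6"
    line = f"PROXY {family} {src_ip} {dst_ip} {src_port} {dst_port}\r\n"
    return line.encode("ascii")

def upstream_bytes(proxy_protocol_on):
    """Bytes the backend reads first, with the setting on or off."""
    if proxy_protocol_on:
        return build_v1_header(*CLIENT, *LISTENER) + CLIENT_BYTES
    return CLIENT_BYTES

def split_proxy_v1(stream):
    """Return ((client_ip, client_port) or None, payload).

    This is the step a PROXY-aware backend performs. A backend without it
    hands the header bytes straight to its own protocol parser.
    """
    if not stream.startswith(b"PROXY "):
        return None, stream            # no header: treat as plain client data
    end = stream.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if end == -1:
        raise ValueError("unterminated PROXY v1 header")
    fields = stream[:end].decode("ascii").split(" ")
    payload = stream[end + 2:]
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None, payload           # proxy could not state the client address
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])    # validate destination as well
    src_port, dst_port = int(fields[4]), int(fields[5])
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    return (str(src), src_port), payload

if __name__ == "__main__":
    print("off:", upstream_bytes(False)[:16])
    print("on: ", upstream_bytes(True)[:48])
    print("parsed:", split_proxy_v1(upstream_bytes(True))[0])
```

Only accept this header from the proxy's own address: a backend that parses it from arbitrary peers lets any client state its own source IP.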
