I have a port-share setup with OpenVPN and Apache over HTTPS which works nicely. However, in my Apache logs the requests are logged with the OpenVPN server IP, rather than the client's actual IP.
This makes any analysis of these logs useless, and I'd like to log the client's IP. How can I do that?
It doesn't look like this will be possible - the only way you'd be able to do this is if OpenVPN were to intercept your HTTP requests at layer 7, and insert a header (something like X-Forwarded-For) with the client's IP in the request. Then you could use a custom log format, or something like mod_rpaf to ensure that IP ended up in the logs.
There's no mention of this feature in the OpenVPN docs, and I suspect they're just passing the TCP connection straight on once it's clearly not an HTTP request. Your best bet is probably to bring up a second IP address on your server and split the services like that.