My server LAN IP is 192.168.1.1 and there is an intranet web server on 192.168.1.2. The OpenVPN daemon is configured to give clients 192.168.2.* addresses.
There is a push "route 192.168.1.0 255.255.255.0" line in the config which I expect to enable the VPN clients to access the entire 192.168.1.0 net, but they can only access 192.168.1.1 - the VPN server itself.
I've tried enabling net.ipv4.ip_forward = 1 in /etc/sysctl.conf but this doesn't help.
Any ideas?
PS: The server runs Ubuntu 12.04.
PPS: OpenVPN runs in tun mode over UDP.
Make sure that IP forwarding is actually enabled.
Also, in order for the route push to work, the servers on the inside also need to know the route to your OpenVPN client IP address. So they will need to know the route to 192.168.2.0/24.
You can most likely make iptables do the routing via masquerade using
If your LAN network really is 192.168.1.0/24, then you can get a lot of problems, because most routers have that as their default network. So, when you are on a guest network, your computer can get an IP from the 192.168.1.0/24 network. Then you cannot access your remote network, only the guest network. I suggest choosing another network for your LAN and VPN, for example 192.170.15.0/24 for LAN and 10.0.5.0/xx for VPN. xx depends on how many VPN clients are connecting to the LAN.
Here is my fw script for OpenVPN
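Added example (not from either answer, and not the firewall script mentioned above): a small Python model of the two failure modes the answers describe, the missing return route on the LAN host and a client network that overlaps the pushed route. The default gateway 192.168.1.254, the client address 192.168.2.6, the routing tables and the function names are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway used for dst, or dst
    itself when the matching route is on-link (gateway is None)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None  # no route at all: the reply is dropped
    return best[1] if best[1] is not None else str(addr)

def reply_reaches_vpn(routes, seen_source, vpn_server_lan_ip):
    """True if the LAN host hands its reply to the VPN server.
    seen_source is the source address the LAN host sees on the request."""
    return next_hop(routes, seen_source) == vpn_server_lan_ip

def pushed_route_shadowed(client_local_net, pushed_route):
    """True if the client's own network overlaps the pushed route, so the
    client keeps traffic local instead of sending it into the tunnel."""
    local = ipaddress.ip_network(client_local_net)
    return local.overlaps(ipaddress.ip_network(pushed_route))

# Constructed routing table of the web server 192.168.1.2 (assumed gateway).
WEB_ROUTES = [("0.0.0.0/0", "192.168.1.254"), ("192.168.1.0/24", None)]
# Same table after adding a static route to the VPN subnet via the VPN server.
WEB_ROUTES_FIXED = WEB_ROUTES + [("192.168.2.0/24", "192.168.1.1")]

VPN_SERVER = "192.168.1.1"
CLIENT = "192.168.2.6"  # constructed VPN client address

if __name__ == "__main__":
    # No return route: the reply goes to the default gateway and is lost.
    print("plain forwarding :", reply_reaches_vpn(WEB_ROUTES, CLIENT, VPN_SERVER))
    # Static route on the LAN host: the reply returns through the VPN server.
    print("static route     :", reply_reaches_vpn(WEB_ROUTES_FIXED, CLIENT, VPN_SERVER))
    # Masquerade: the LAN host sees the VPN server as source, which is on-link.
    print("masquerade       :", reply_reaches_vpn(WEB_ROUTES, VPN_SERVER, VPN_SERVER))
    # Client sitting on a guest network that uses the same range as the LAN.
    print("overlap          :", pushed_route_shadowed("192.168.1.0/24", "192.168.1.0/24"))
```
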