I'm using OpenVPN Access Server 1.8.4.213 in Amazon VPC. I've used the custom AMI that has OpenVPN Access Server preinstalled.
My VPC is 10.11.0.0/16. My public subnet is 10.11.1.0/24.
OpenVPN Server: 10.11.1.10 + Elastic IP. Test Server: 10.11.1.20.
VPN Subnet is dynamic and is the default 5.5.0.0/20
Once the connection is established, my workstation (VPN client) gets an IP of 5.5.8.3. On the VPN Server, ifconfig shows two related IPs: 5.5.0.1 and 5.5.8.1.
In Advanced VPN -> I've set "Should clients be able to communicate with each other on the VPN network?" to Yes.
I've set Access Server to route mode and it's nearly all working: From my workstation, I can connect to the VPN server and ping it on its private IP (10.11.1.10). I can also ping and get replies to a server behind it on 10.11.1.20 (I've set up a route in Amazon VPC admin console).
From the Access Server, I can ping my workstation IP on 5.5.8.3
However, from the server in Amazon VPC at 10.11.1.20, I can't ping my workstation at 5.5.8.3. I do get ping replies from 5.5.0.1 and 5.5.8.1.
How do I set this up so that from 10.11.1.20 I can ping my workstation at 5.5.8.3? Have I misconfigured something in Access Server, or can't I set it up like that using the GUI?
This turned out to be a Windows Firewall issue. I don't know why it was working when pings were initiated from the OpenVPN server itself, but pings initiated from another server inside Amazon VPC were reaching the Windows client and being dropped at the Windows Firewall.
I didn't realise that when I thought I was disabling the Windows Firewall I was only disabling it for a particular network (the wrong network).
Thanks to OpenVPN support on IRC for their assistance (webchat.openvpn.net). Great product and great support, considering I'm only still evaluating and haven't paid a dime.
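An added example, not from the question or answer above, of the check the answer hints at: see which firewall profile each adapter is on, and allow ICMP echo only from the VPC range on the VPN adapter instead of disabling the firewall. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets) and that the TAP adapter's interface alias is "OpenVPN TAP-Windows6"; both are assumptions, adjust to match your client.

```powershell
# Added example: scope the fix to the VPN adapter rather than turning the firewall off.
# Assumption: the OpenVPN TAP adapter alias is "OpenVPN TAP-Windows6" (adjust as needed).
# Run from an elevated PowerShell prompt on the Windows VPN client.

$vpnAdapter = 'OpenVPN TAP-Windows6'   # assumed interface alias
$vpcRange   = '10.11.0.0/16'           # VPC range from the question

# 1. Which profiles are enabled? Disabling one profile leaves the others active,
#    which is the trap described in the answer.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

# 2. Which profile did the VPN adapter land on? Inbound traffic over it is
#    filtered by that profile's rules, not by the profile of the LAN adapter.
Get-NetConnectionProfile -InterfaceAlias $vpnAdapter |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# 3. Allow ICMPv4 echo requests (type 8) only from the VPC range, only on the
#    VPN adapter, on whichever profile that adapter is assigned to.
$ruleName = 'Allow ICMP echo from VPC via OpenVPN'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $vpcRange -InterfaceAlias $vpnAdapter `
        -Profile Any -Action Allow | Out-Null
}

# 4. Confirm the rule is present and enabled before retesting from 10.11.1.20.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Profile, Direction, Action
```

If step 2 shows the adapter on the Public profile, a narrower alternative is to move it with Set-NetConnectionProfile -InterfaceAlias $vpnAdapter -NetworkCategory Private and keep the scoped rule above.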