How to set up OpenVPN to let the VPN clients access all the servers inside the server LAN?
Make sure that IP forwarding is actually enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward
Also, in order for route push to work, the servers on the inside also need to know the route to your OpenVPN client IP address. So they will need to know the route to 192.168.2.0/24.
You can most likely make iptables do the routing via masquerade using
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
If your LAN network really is 192.168.1.0/24, then you can get a lot of problems, because most routers have that as their default network. So, when you are on a guest network, your computer can get an IP from the 192.168.1.0/24 network. So you cannot access your remote network, only the guest network. I suggest choosing another network for your LAN and VPN, for example 22.214.171.124/24 for LAN and 10.0.5.0/xx for VPN. xx depends on how many VPN clients are connecting to the LAN.
Here is my fw script for OpenVPN:
#!/bin/sh
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
# Allow packets from private subnets
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
# i have multiple vpn networks
# 126.96.36.199/24 = LAN
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.9.0.0/30 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.9.1.0/30 -o eth1 -d 188.8.131.52 -j MASQUERADE # to single server access only
echo 1 > /proc/sys/net/ipv4/ip_forward
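The two options in the answers above (a return route to the client subnet on the LAN servers, or MASQUERADE on the VPN server) can be told apart from a saved `iptables-save` dump. This is an added example, not part of any answer on this page; the sample ruleset is constructed, and `sample_rules`, `forwarding_enabled`, `vpn_is_masqueraded` and `return_path` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: decide whether VPN clients reach the LAN via NAT or via
# plain routing, from an `iptables-save` dump read on stdin.

# Constructed sample ruleset (not taken from a real host); it mirrors the
# source-scoped MASQUERADE style of the firewall script above.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun+ -j ACCEPT
COMMIT
EOF
}

# Succeeds when the given copy of ip_forward (default: the live one) reads 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Succeeds when a nat POSTROUTING MASQUERADE rule covers subnet $1: either
# it names that subnet with -s, or it has no -s restriction at all.
vpn_is_masqueraded() {
    awk -v net="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            src = ""
            for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
            if (src == "" || src == net) found = 1
        }
        END { exit !found }'
}

# Prints what the LAN side must provide for replies to reach subnet $1.
return_path() {
    if vpn_is_masqueraded "$1"; then
        echo "nat"      # LAN servers reply to the VPN server's own LAN address
    else
        echo "route"    # LAN servers need a route to $1 via the VPN server
    fi
}

forwarding_enabled || echo "ip_forward is off on this host"
sample_rules | return_path 10.8.0.0/24     # nat
sample_rules | return_path 192.168.2.0/24  # route
```

On a live server, pipe the real ruleset in instead of the sample: `iptables-save | return_path 192.168.2.0/24`.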