routing – How to route a subnet network connected on the VPN server and make it available to VPN Clients


I have an OpenVPN server that’s connected to an overlay network which I’d like to make available from a VPN client. I added the route to the overlay network 172.63.0.0 in openvpn.conf with the OpenVPN server host itself (0.0.0.0) as the gateway, because it is able to reach the intended overlay network. I watched the tcpdump on tun0 and it seems that the VPN is able to resolve the IP address on the overlay network that I’m trying to reach from the VPN client, but nothing comes back, so I’ve made sure the VPN server host was able to forward TCP packets and had the proper firewall exception, but it still won’t work. This system is running in a Docker container, but I think that shouldn’t be relevant as far as network configuration goes. I don’t know how, but people have been able to work around this problem, with some disadvantages, by configuring NAT as discussed here, but I’m still unable to do it through routing.

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/private.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/certificate.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0
route 172.63.0.0  255.255.0.0  0.0.0.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"

Firewall config:

bash-5.0# iptables -nvL
Chain INPUT (policy ACCEPT 2 packets, 228 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   228 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2 packets, 212 bytes)
 pkts bytes target     prot opt in     out     source               destination
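As an added illustration (not part of the question or of any answer), the script below models the three hops involved in the question, the VPN client, the OpenVPN server and a host on the 172.63.0.0/16 overlay, with constructed routing tables, and traces a packet in both directions using the same longest-prefix-match rule the Linux FIB applies. The server's overlay address 172.63.0.2, the client's tunnel address 192.168.255.6, the overlay host 172.63.0.10 and the overlay gateway 172.63.0.1 are constructed values. Two conditions the question does not mention are checked as assumptions: whether the overlay side has a return route for the VPN subnet 192.168.255.0/24, and whether net.ipv4.ip_forward is enabled on the server. It is a model for reasoning about "nothing comes back", not a statement of what is wrong in the poster's setup.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    addrs: set          # addresses this host answers for
    routes: list        # (prefix, next_hop or None for directly connected, iface)
    ip_forward: bool = True


def lookup(routes, dst):
    """Longest-prefix match over a route table; returns (network, next_hop, iface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)
    return best


def trace(hosts, src_name, dst, max_hops=8):
    """Walk a packet from src_name toward dst; returns (delivered, hop_log)."""
    by_addr = {a: h for h in hosts.values() for a in h.addrs}
    cur, log = hosts[src_name], []
    for _ in range(max_hops):
        if dst in cur.addrs:
            log.append(f"{cur.name}: delivered")
            return True, log
        if cur.name != src_name and not cur.ip_forward:
            log.append(f"{cur.name}: net.ipv4.ip_forward=0, packet dropped")
            return False, log
        r = lookup(cur.routes, dst)
        if r is None:
            log.append(f"{cur.name}: no route to {dst}")
            return False, log
        net, nh, iface = r
        hop_addr = dst if nh is None else nh
        log.append(f"{cur.name}: {net} via {nh or 'direct'} dev {iface}")
        nxt = by_addr.get(hop_addr)
        if nxt is None:
            # The next hop is outside the modelled network: the packet leaves
            # toward something that has never heard of the VPN subnet.
            log.append(f"{cur.name}: next hop {hop_addr} is outside the modelled network")
            return False, log
        cur = nxt
    return False, log + ["hop limit exceeded (routing loop?)"]


def build_hosts(return_route: bool):
    """Constructed topology; return_route adds the overlay-side route back to the VPN subnet."""
    overlay_host_routes = [
        ("172.63.0.0/16", None, "eth0"),
        ("0.0.0.0/0", "172.63.0.1", "eth0"),          # constructed overlay gateway
    ]
    if return_route:
        # Assumed fix under test: send 192.168.255.0/24 back via the VPN server's overlay address.
        overlay_host_routes.append(("192.168.255.0/24", "172.63.0.2", "eth0"))
    return {
        "client": Host("client", {"192.168.255.6"}, [
            ("192.168.255.0/24", None, "tun0"),
            ("172.63.0.0/16", "192.168.255.1", "tun0"),   # route pushed by the server config
        ]),
        "server": Host("server", {"192.168.255.1", "172.63.0.2"}, [
            ("192.168.255.0/24", None, "tun0"),
            ("172.63.0.0/16", None, "eth1"),              # server reaches the overlay directly
        ]),
        "overlay-host": Host("overlay-host", {"172.63.0.10"}, overlay_host_routes),
    }


def check_path(hosts):
    """Forward and return reachability between the VPN client and the overlay host."""
    fwd, _ = trace(hosts, "client", "172.63.0.10")
    ret, _ = trace(hosts, "overlay-host", "192.168.255.6")
    return {"forward": fwd, "return": ret}


if __name__ == "__main__":
    for label, rr in (("without return route", False), ("with return route", True)):
        hosts = build_hosts(rr)
        for src, dst in (("client", "172.63.0.10"), ("overlay-host", "192.168.255.6")):
            ok, log = trace(hosts, src, dst)
            print(f"[{label}] {src} -> {dst}: {'OK' if ok else 'FAIL'}")
            for line in log:
                print("   ", line)
```

The real-world counterpart of `lookup()` is `ip route get 192.168.255.6` run on the overlay host: if it answers with the overlay's default gateway rather than the VPN server's overlay address, replies to VPN clients are leaving by a path that never returns through tun0, which is exactly the symptom of seeing requests on tun0 with nothing coming back.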