This is useful when you can't use a peer-to-peer (site-to-site) tunnel, for example when you don't have administrative access to the remote network (you can't open ports; you can only go out, i.e. egress). To get around this and reach devices on the remote network, install a VPN client on the remote network and make it act as a gateway for your local network. I will not go through basic OpenVPN server configuration (generating certs, adding users etc.); I will only point out the parts that differ from a normal VPN client/server setup.
Remote network: 192.168.10.0/24 (Client side)
Local network: 192.168.1.0/24 (Server side)
1. Go to the OpenVPN server settings, under Advanced configuration, Custom options, and enter:
push "route 192.168.1.0 255.255.255.0"; route 192.168.10.0 255.255.255.0;
2. Go to the OpenVPN Client Specific Overrides tab and add a new rule. Select your OpenVPN server, enter the common name (the name of the user, i.e. the VPN client), and under IPv4 remote network/s enter: 192.168.10.0/24
3. If you haven't already, assign an interface to your VPN server. Go to Interfaces, Assignments; under Available network ports select ovpns1, click Add and save. Click on the newly created interface, tick Enable interface, add a description such as OpenVPN1 (name it however you want), and save.
4. Go to System, Routing, Static Routes and add a new route with destination network: 192.168.10.0/24
5. You need to enable forwarding and NAT on the client. This example is for a Linux client (eth0 is the client's LAN interface, tun0 the OpenVPN tunnel); note that neither the sysctl nor the iptables rules survive a reboot unless you persist them:
sysctl -w net.ipv4.ip_forward=1                        # enable IPv4 forwarding between tun0 and eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE   # NAT traffic from the tunnel towards the remote LAN
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE   # NAT replies/traffic going back into the tunnel
6. Connect your VPN client; you should now be able to reach devices behind the client from your local network.
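The most common mistake in steps 1 and 2 is a server `route` with no matching `iroute` in the client override (or vice versa), which leaves the remote network unreachable with no obvious error. The following checker is an added example, not part of the original post or of pfSense; it assumes the override from step 2 is written to the client's ccd file as an `iroute` line (the sample strings below are constructed from the values in this post) and flags missing pairs and overlapping pushed routes.

```python
import re
import ipaddress

# Constructed from the post: the custom options of step 1 and the ccd line step 2 produces.
SERVER_OPTIONS = 'push "route 192.168.1.0 255.255.255.0"; route 192.168.10.0 255.255.255.0;'
CCD_OVERRIDE = 'iroute 192.168.10.0 255.255.255.0'   # assumed pfSense output for "IPv4 remote network/s"


def split_options(text):
    """Split options on newlines or on ';' outside double quotes (pfSense custom-options style)."""
    parts = re.split(r'[\n;](?=(?:[^"]*"[^"]*")*[^"]*$)', text)
    return [p.strip() for p in parts if p.strip() and not p.strip().startswith('#')]


def net(args):
    """Convert 'ADDR MASK' (e.g. '192.168.10.0 255.255.255.0') into an ip_network."""
    addr, mask = args.split()[:2]
    return ipaddress.ip_network(f"{addr}/{mask}")


def collect(text):
    """Return the 'route', 'push_route' and 'iroute' networks found in an option block."""
    found = {"route": set(), "push_route": set(), "iroute": set()}
    for opt in split_options(text):
        m = re.match(r'push\s+"route\s+([^"]+)"', opt)
        if m:
            found["push_route"].add(net(m.group(1)))
            continue
        m = re.match(r'(route|iroute)\s+(\S+\s+\S+)', opt)
        if m:
            found[m.group(1)].add(net(m.group(2)))
    return found


def check_gateway_setup(server_opts, ccd_text):
    """Return a list of problems; an empty list means route/iroute/push are consistent."""
    srv, ccd = collect(server_opts), collect(ccd_text)
    problems = []
    for n in ccd["iroute"] - srv["route"]:          # kernel never sends packets into the tunnel
        problems.append(f"iroute {n} has no matching server 'route'")
    for n in srv["route"] - ccd["iroute"]:          # OpenVPN cannot pick a client for the packets
        problems.append(f"server 'route {n}' has no 'iroute' in any client override")
    for p in srv["push_route"]:                     # a pushed route must not swallow the remote LAN
        for n in ccd["iroute"]:
            if p.overlaps(n):
                problems.append(f"pushed route {p} overlaps the client's network {n}")
    return problems


if __name__ == "__main__":
    print(check_gateway_setup(SERVER_OPTIONS, CCD_OVERRIDE) or "server and override are consistent")
```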