I have the following IT structure. In my LAN (behind a LANCOM router), I have an IPFIRE server connected via the RED interface. The Green interface is not physically connected to the LAN. On the LANCOM router, I have a port forwarding set up from 1194 to, for example, 192.168.243.113, which is the RED interface of the IPFIRE.
The VPN connection from the client to the IPFIRE server works wonderfully. Now, however, I have the problem that with the active OpenVPN connection, I cannot access network shares such as 192.168.243.10. These are Samba shares on a Windows server. I believe I need to edit something in the routing or firewall rules. However, after several hours of experimenting, I have not found the solution and therefore turn to you with the request for help.
I have not got as far as playing with OpenVPN yet but in the distro I am coming from, there are a number of issues. The Windows firewall often does not like traffic from outside its own subnet. If IPFire does not masquerade incoming OpenVPN traffic, you may need to open the Windows Server firewall to traffic from the OpenVPN subnet. You will also need a route on your router to direct LAN traffic to the OpenVPN subnet via your red interface IP.
If IPFire does masquerade OpenVPN traffic, none of this will be necessary as the OpenVPN traffic will appear on your LAN to come from the Red IP so it knows its way back and also will not be rejected by the Windows Server firewall.
It gets even more complicated if you want to access an OpenVPN device from your LAN. In your router you need a static route to your OpenVPN subnet via red0’s IP address.
If your router is IPFire you then need a hairpin firewall rule something like:
Source = your_lan_subnet
NAT = Source NAT
New Source IP Address = Green
Destination = your_openvpn_subnet
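
The two cases from the reply above (IPFire masquerading OpenVPN traffic or not), modelled as an added example that is not part of either post. It checks whether the file server accepts the request and whether its reply finds the way back to IPFire. The OpenVPN subnet `10.8.0.0/24`, the client address and the LANCOM address `192.168.243.1` are assumptions; the "local subnet only" server firewall is a simplification of the behaviour the reply describes.

```python
import ipaddress as ip

# Addresses from the thread, plus constructed placeholders (marked).
LAN = ip.ip_network("192.168.243.0/24")
IPFIRE_RED = ip.ip_address("192.168.243.113")
LANCOM = ip.ip_address("192.168.243.1")     # assumed router address
OVPN_NET = ip.ip_network("10.8.0.0/24")     # assumed OpenVPN subnet
VPN_CLIENT = ip.ip_address("10.8.0.6")      # constructed client address
DEFAULT = ip.ip_network("0.0.0.0/0")


def next_hop(routes, dst):
    """Longest-prefix match. A gateway of None means on-link: deliver directly."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None                          # no route on this device
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw


def share_reachable(masquerade, router_static_route, firewall_allows_vpn):
    """True if the server accepts the request and its reply reaches IPFire."""
    # Source address the file server sees on the incoming SMB connection.
    src = IPFIRE_RED if masquerade else VPN_CLIENT

    # Simplified server firewall: own subnet, plus the VPN subnet if opened.
    allowed = [LAN] + ([OVPN_NET] if firewall_allows_vpn else [])
    if not any(src in net for net in allowed):
        return False

    # Return path: server -> (LANCOM if off-link) -> IPFire RED.
    server_routes = [(LAN, None), (DEFAULT, LANCOM)]
    router_routes = [(LAN, None)]
    if router_static_route:
        router_routes.append((OVPN_NET, IPFIRE_RED))

    hop = next_hop(server_routes, src)
    if hop == LANCOM:
        hop = next_hop(router_routes, src)
    return hop == IPFIRE_RED


if __name__ == "__main__":
    for m, r, f in [(True, False, False), (False, False, False),
                    (False, True, False), (False, True, True)]:
        print(f"masquerade={m} static_route={r} fw_open={f} ->",
              share_reachable(m, r, f))
```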