Setting Up Routing

If you set up a routed VPN, i.e., where local and remote subnets differ, you must set up routing between the subnets so that packets will transit the VPN.

Here is a possible road warrior network configuration:

Road Warrior (Windows)

TAP-Windows Adapter
10.3.0.2 subnet 255.255.255.0

ifconfig option in OpenVPN config:

ifconfig 10.3.0.2 255.255.255.0

Main Office, server (any OS)

tap adapter
10.3.0.1 subnet 255.255.255.0

ifconfig option in OpenVPN config:

ifconfig 10.3.0.1 255.255.255.0

private ethernet
10.0.0.1 subnet 255.255.255.0

The road warrior needs this route to reach machines on the main office subnet:

route add 10.0.0.0 mask 255.255.255.0 10.3.0.1 (this is a shell command)

Routes can be conveniently specified in the OpenVPN config file itself using the --route option:

route 10.0.0.0 255.255.255.0 10.3.0.1

If the OpenVPN server in the main office is also the gateway for machines on the remote subnet, no special route is required on the main office side.

On the other hand, if the main office OpenVPN server is NOT also the gateway, then whatever machine or router, which IS the gateway, must know to route 10.3.0.0 subnet 255.255.255.0 to the machine that is running OpenVPN.