Routing / IP-Tables problem

[suisse]

Hello

I have the following setup:

LAN: 192.168.1.0/24 with internet router/default gateway at 192.168.1.1
OpenVPN server: 192.168.1.3
Specific workstation in LAN: 192.168.1.23

The VPN is set up on 10.8.0.0/24, server being 10.8.0.1 and my client is 10.8.0.14. It is a routed VPN passing by tun0. Default gateway has a route set up to 10.8.0.0/24 via 192.168.1.3.

Most things are working, but I have a strange problem:

Pings from the LAN to the client arrive at the client's tun0 device, but with the router's public IP. Therefore, the client sends its echo-reply back to the public IP and it never finds its way back into the LAN.

If, however, I manually configure the specific workstation with a route to 10.8.0.0/24, communication between this computer and the client works fine, e.g. with the internal IP.

I see that obviously the router must be screwing the packets up while forwarding them to the OpenVPN server. Unfortunately, I don't have any idea on what exactly I have to change. Packets leaving the router on its internal interface should not be altered, should they?

Any help is greatly appreciated.

[krzee]

[13:52] <krzie> !route_outside_ovpn
[13:52] <vpnHelper> krzie: "route_outside_ovpn" is "route_outside_openvpn" is (#1) http://www.secure-computing.net/wiki/index.php/Graph for a cool graph explaining the route you need to add to your gateway, explained better in section: ROUTES TO ADD OUTSIDE OPENVPN in !route, or (#2) you do not need this if the vpn node IS the gateway for its lan

[13:34] <krzie> !route
[13:34] <vpnHelper> krzie: "route" is (#1) http://www.secure-computing.net/wiki/in ... PN/Routing if you have lans behind openvpn, read it DONT SKIM IT, or (#2) READ IT DONT SKIM IT

Hope that helps