Basic routing configurations are set as given in the tutorial.
The connection between my client and the server is established.
My main problem is that I can access the server on its public LAN interface via ssh without a VPN connection, but using ssh via the VPN interface fails with repeated password requests (the password was given correctly; I tried over and over again).
The basic difference from a standard setup is that ssh uses a different port on the public interface, say eth0 and port 25000 (just to keep it simple; actual names/port numbers differ, of course).
This works without an established VPN connection: ssh -p 25000 firstname.lastname@example.org
This does not work when the VPN is active (using the first address provided by the TUN interface): ssh email@example.com
Adding -p 25000 will fail immediately.
Do I have to map the VPN ssh port (22) to 25000 via iptables?
Here is my pretty standard server configuration file (I replaced some names for security reasons):
# TCP or UDP server?
key fooserver.key # This file should be kept secret
# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
server 10.2.0.0 255.255.255.0
push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS A.B.C.D"
keepalive 10 120
tls-crypt ta.key # This file is secret
The client is running on openSUSE Leap 15.2 -- I think that the missing update-resolv-conf could be the real problem...