OpenVPN, routing & Amazon EC2

Need help configuring your VPN? Just post here and you'll get that help.


MarkRobinson
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 16, 2010 12:44 pm

OpenVPN, routing & Amazon EC2

Post by MarkRobinson » Thu Sep 16, 2010 5:36 pm

I have an OpenVPN server (CentOS) running in Amazon's EC2 cloud and a client, also CentOS, running on a machine in my local network. There are a number of other servers, Windows and Linux, also running on Amazon. The OpenVPN server and client can ping each other, but the client can't ping any of the other servers on Amazon. Can anyone please advise how I set up routing in this scenario? IP forwarding is enabled on the OpenVPN server.

Amazon Server IPs:
OpenVPN Server: 10.128.74.116
WindowsServer1: 10.128.67.239
WindowsServer2: 10.128.51.207
LinuxServer3: 10.128.75.57

OpenVPN Client: 10.208.91.76

Server Config:
port 1194
proto udp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.128.0.0 255.255.0.0"
client-config-dir /etc/openvpn/client-configs
route 10.208.0.0 255.255.0.0
client-to-client
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 5

Client Config:
client
dev tun
proto udp
remote myec2vpnserver 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/client1.crt
key /etc/openvpn/keys/client2.key
cipher BF-CBC
comp-lzo
log openvpn.log
log-append /var/log/openvpn.log
verb 5

/etc/openvpn/client-configs/client
iroute 10.208.0.0 255.255.0.0
push "route 10.128.0.0 255.255.0.0 vpn_gateway"

Any help would be appreciated.

Thanks Mark

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN, routing & Amazon EC2

Post by krzee » Mon Oct 04, 2010 11:35 pm

Remove /etc/openvpn/client-configs/client altogether.
Make sure you NAT the VPN subnet on your server:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
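As an added example (not part of krzee's reply or of the OpenVPN project), the script below wraps the fix above in an idempotent form: it enables IP forwarding on the EC2 server and installs the MASQUERADE rule only if it is not already present, then verifies both. The addresses and interface (10.8.0.0/24, 10.128.0.0/16, eth0) come from the thread; the `-d 10.128.0.0/16` scoping is an addition so that only traffic bound for the EC2 subnet is masqueraded, and the `iptables -C` existence check is assumed to be available (iptables 1.4.11 or newer). Run without arguments it only prints the plan, so it is safe to try before applying as root.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Enable forwarding and NAT the OpenVPN subnet on the EC2 server so that
# replies from the other EC2 hosts (which have no route to 10.8.0.0/24)
# come back via the server's own address.
# Values taken from the thread; override via the environment if needed.
VPN_NET="${VPN_NET:-10.8.0.0/24}"     # OpenVPN "server" subnet
EC2_NET="${EC2_NET:-10.128.0.0/16}"   # EC2 subnet pushed to clients
OUT_IF="${OUT_IF:-eth0}"              # server's outbound interface

# Rule specification without the -A/-C verb, so the same text is used
# both to test for the rule (-C) and to append it (-A).
# Scoping with -d is an addition here; the thread's rule has no -d.
nat_rule_spec() {
    printf 'POSTROUTING -s %s -d %s -o %s -j MASQUERADE' \
        "$VPN_NET" "$EC2_NET" "$OUT_IF"
}

# Print what "apply" would run, without touching the system.
plan() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -C $(nat_rule_spec) 2>/dev/null || iptables -t nat -A $(nat_rule_spec)"
}

# Apply the change (requires root). -C returns non-zero when the rule is
# absent, so the rule is appended at most once even if run repeatedly.
apply() {
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -C $(nat_rule_spec) 2>/dev/null \
        || iptables -t nat -A $(nat_rule_spec)
}

# Post-change checks: forwarding on, NAT rule present.
verify() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] \
        || { echo "ip_forward is off"; return 1; }
    iptables -t nat -C $(nat_rule_spec) 2>/dev/null \
        || { echo "NAT rule missing"; return 1; }
    echo "ok"
}

case "${1:-plan}" in
    plan)   plan ;;
    apply)  apply && verify ;;
    verify) verify ;;
    *)      echo "usage: $0 [plan|apply|verify]" >&2; exit 2 ;;
esac
```

With MASQUERADE in place the EC2 hosts see every VPN client as 10.128.74.116, so per-client visibility in their logs is lost; if that matters, the alternative is to add a static route for 10.8.0.0/24 via the OpenVPN server on each EC2 host and skip the NAT rule.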
