openvpn, fedora28, & routing

[jack.craig.aptos]

hi forum folks, i am new to this forum so pls pardon me getting started.

i have a Fedora 28 OS and am setting up openvpn for anonymity in network usage.
my goal is to have all outbound traffic from the server as well as the lan clients to use tun0.
the enp4s0 interface seems fine.

enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.101 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::c0c6:f5f4:a906:72f3 prefixlen 64 scopeid 0x20<link>
ether f4:6d:04:21:2c:a4 txqueuelen 1000 (Ethernet)
RX packets 1728224 bytes 2145751661 (1.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 876006 bytes 79773617 (76.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 224 (224.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

i have a static ip 8pack of ip's assigned from att. f/b

i have a cascaded router config where my netgear (NH=netgear nighthawk) router is behind the att rt.

my network looks like

Internet----[att route]----[NH router]---lan (fedora 28 x(server & client)

my static ip g.g.f.f configured on att rt.

then gets to NH rt via 192.168.1.254 & NH to lan (10.0.0.0/24)

i have a single server serving the openvpn
.
i fell into a trap to using poor network deployment choices (10.0.0.0 & 192.168.1.0)
so, if i made any unworkable choices, i can reorg them now & continue.

i can ping & traceroute out to the world just fine, so i think i am close.

both client & server instances of openvpn come up fine,...

my iptables is not fully active, but got nat postrouting in play.

my observation is that the "push redirect-gateway local def1" is not updating routing tables as expected.

so first question is my use of network outlined above subnetting corrupt? if so i need to fix it before moving fwd.
its that with ping & traceroute working, it's gotta be just around the corner.

so, i think it's a routing problem but hoped to get you august forum members to weigh in this much info
(trying not to blast too much info all at the same time).

comments, questions, suggestions? tia, jackc...

[TinCanTech]

my static ip >>>> configured on att rt.

I willl ask a mod to renove your publicly identifiable IP address.

For trouble shooting, please start here:
viewtopic.php?f=30&t=22603#p68963

[jack.craig.aptos]

[ws:root:/etc/openvpn]# h | grep -ir route server/*log
server/OpenVPN.log: route_script = '[UNDEF]'
server/OpenVPN.log: route_default_gateway = '10.8.0.2'
server/OpenVPN.log: route_default_metric = 0
server/OpenVPN.log: route_noexec = DISABLED
server/OpenVPN.log: route_delay = 0
server/OpenVPN.log: route_delay_window = 30
server/OpenVPN.log: route_delay_defined = DISABLED
server/OpenVPN.log: route_nopull = DISABLED
server/OpenVPN.log: route_gateway_via_dhcp = DISABLED
server/OpenVPN.log: route 10.8.2.0/255.255.255.0/default (not set)/default (not set)
server/OpenVPN.log: route 10.8.1.0/255.255.255.0/default (not set)/default (not set)
server/OpenVPN.log: route 10.8.0.0/255.255.255.0/default (not set)/default (not set)
server/OpenVPN.log: push_entry = 'route-gateway 10.8.0.1'
server/OpenVPN.log: push_entry = 'route-gateway 10.8.0.1'
server/OpenVPN.log: max_routes_per_client = 256
server/OpenVPN.log:ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=enp4s0 HWADDR=f4:6d:04:21:2c:a4
server/OpenVPN.log:/sbin/ip route add 10.8.0.0/24 via 10.8.0.2
server/OpenVPN.log:ERROR: Linux route add command failed: external program exited with error status: 2
server/OpenVPN.log:/sbin/ip route add 10.8.1.0/24 via 10.8.0.2
server/OpenVPN.log:/sbin/ip route add 10.8.2.0/24 via 10.8.0.2