My network consists of a consumer-grade router which assigns LAN clients IPs in the 192.168.1.0/24 range. The OpenVPN server has a static lease on 192.168.1.123.
My goal is for all clients to be able to access the internet as though they were on the LAN, and communicate with other devices on the LAN. For example, a client would connect through the router's open port 1194 and get assigned 192.168.1.222 (I will assume the router's DHCP server will not assign anything in that range). Or if possible, when a client connects it would contact the router's DHCP server.
1. Why can clients access nothing right now?
2. Should I be using server bridging?
Server Config
port 1194
proto udp
dev tun
ca ca.crt
cert nas.crt
key nas.key # This file should be kept secret
dh none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
Client config
client
dev tun
proto udp
remote home.example.com 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
<ca>