Posted: 5/6/2023 9:11:39 PM EDT
I have a Netgear Nighthawk router that has OpenVPN capabilities baked in. After some trial and error, I was able to get my laptop to connect to it from the outside world over the internet. I know that part is working because when I use whatismyipaddress.com, it shows that I'm accessing the internet through my home router rather than the one at my location. It's set up using TUN.

My problem is that I am unable to RDP into my home PCs. I am guessing that they are seeing the IP address of the request as external, vs internal which is blocked due to policy. That's my best guess. I am unable to change that policy on at least one of the machines due to policy.

What would be the steps to resolve this? I really don't have much I can do with the OpenVPN server in the router as far as configuration goes.

Does ifconfig set the internal IP address of the VPN provided traffic on the network being accessed? Right now I have:
```
ifconfig 10.1.0.2 10.1.0.1
```

Would changing one of those to match my internal network IP address pattern make the VPN be identified as internal? My LAN addresses are 192.168.1.*.

Link Posted: 5/7/2023 10:31:43 AM EDT
[#1]
Doing more reading, maybe "static routing?"

I don't have a hotspot available, so any time I test changes I have to drive to a different location to join another network, which is really inconvenient.
Link Posted: 5/7/2023 10:35:27 AM EDT
[#2]
There's usually an option server-side to allow lan access. Check that box.

I haven't used a consumer router in years. If you don't have that box, routing would be the next thing to check.
Link Posted: 5/7/2023 10:42:30 AM EDT
[#3]
Since I'm lazy but it's otherwise correct (mostly).
----
It sounds like your issue might be related to routing and IP addressing. When you connect to your home network via the OpenVPN tunnel, your computer receives an IP address in the 10.1.0.0/24 range. This IP address is different from the local IP addresses on your home network, which use the 192.168.1.0/24 range.

Here are a few steps to try resolving this issue:


1. Add a route to the OpenVPN configuration:
  In the OpenVPN configuration file on your laptop, add the following line:


  ```
  route 192.168.1.0 255.255.255.0
  ```


  This line tells your laptop to route traffic destined for your home network (192.168.1.0/24) through the VPN tunnel. Restart the OpenVPN client after making the change.


2. Configure the Nighthawk router:
  Make sure your Nighthawk router allows traffic between the VPN subnet (10.1.0.0/24) and the home network subnet (192.168.1.0/24). You may need to check the firewall settings or add a static route, depending on the router's capabilities.


3. Verify that RDP is allowed:
  Double-check the firewall settings on your home PCs and make sure that RDP is allowed from the 10.1.0.0/24 subnet. If RDP is only allowed from the local subnet (192.168.1.0/24), you might need to add a rule to allow it from the VPN subnet.


4. Use the local IP address for RDP:
  When you try to connect to your home PCs using RDP, make sure to use their local IP addresses (192.168.1.X) instead of their public IP address.


If these steps don't resolve the issue, you may need to consider using a more advanced router that allows greater customization of the OpenVPN server settings or installing an OpenVPN server on a separate device within your home network. This would provide you with more control over the routing and firewall settings.
Link Posted: 5/7/2023 11:08:34 AM EDT
[#4]
Quoted:
There's usually an option server-side to allow lan access. Check that box.

I haven't used a consumer router in years. If you don't have that box, routing would be the next thing to check.

It does. I have that set for internet and local traffic.

I'm just not familiar with what is what, with all these settings.

I really think that the issue is that I have a VPN address of 10.8.0.*, but it needs to be 192.168.1.* in order to be recognized as a "local intranet" address. Unfortunately all the documentation I can find for OpenVPN talks about changing server configs, which I can't do.

Edit: just saw your latest post, I'll try that! Thanks!
Link Posted: 5/7/2023 11:22:19 AM EDT
[#5]
Can you ping the box you are trying to RDP to?
Since you mentioned ifconfig, I'll assume client is Linux. What does `ip route get RDP-box-ip` say?
Link Posted: 5/7/2023 11:31:03 AM EDT
[#6]
Static Routes:

Would this likely be correct? Netgear router IP is 192.168.1.1.

Destination IP Address: 10.1.0.0
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 192.168.1.1
Metric: 2 (I tried to enter '1' for direct connection, but it said that entry was invalid)

My client is MacOS.

I am unable to ping whilst on the VPN.

I can go to the other location to test but I'm unable to change any of the router settings unless I'm on my home network, so I want to get that into a state where it's likely correct.
Link Posted: 5/7/2023 11:40:59 AM EDT
[#7]
Quoted:
Static Routes:

Would this likely be correct? Netgear router IP is 192.168.1.1.

Destination IP Address: 10.1.0.0
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 192.168.1.1
Metric: 2 (I tried to enter '1' for direct connection, but it said that entry was invalid)

My client is MacOS.

I am unable to ping whilst on the VPN.

I can go to the other location to test but I'm unable to change any of the router settings unless I'm on my home network, so I want to get that into a state where it's likely correct.

It's the right direction. IDK what metric is. Sounds like you are trying to add routes via a GUI. End of the day your VPN should set the route table so your home network automagically goes over the tunnel. It gets more complicated when host and VPN nets share the same subnet class. Dual homing is a pita.
Link Posted: 5/7/2023 12:22:37 PM EDT
[#8]
Bah. Still not working.

Metric is the number of routers expected between the remote client and the target.

EDIT: Finally was able to connect. I dropped the idea of using 10.8.* addresses for the VPN IP addresses and changed it to match my home network:

```
ifconfig 192.168.1.98 192.168.1.99
route 192.168.1.0 255.255.255.0
redirect-gateway def1
```
Link Posted: 5/10/2023 1:08:01 AM EDT
[#9]
It's a routing problem. You don't have a path between your VPN subnet and LAN subnet. Add a few allow-all's in there or add it to a bridge.

"network metric" is what Windows calls a link weight or cost. If you've got two 0.0.0.0/0's, it'll pick the one with the lower metric.
Link Posted: 5/11/2023 7:38:21 PM EDT
[#10]
Quoted:
It's a routing problem. You don't have a path between your VPN subnet and LAN subnet. Add a few allow-all's in there or add it to a bridge.

"network metric" is what Windows calls a link weight or cost. If you've got two 0.0.0.0/0's, it'll pick the one with the lower metric.

I just came in here to say what this guy said on the routing problem, except technically speaking it's actually more of a 'firewall' problem than 'routing', since your router already knows routes to all the nets that are already connected to it. You just need to tell your router's firewall config to allow RDP traffic from your OVPN clients' network into your Windows RDP server.
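
The routing and firewall-scope checks discussed in this thread, as an added example that is not part of any post above: it parses the OpenVPN client directives quoted in the thread and reports whether an RDP target is routed through the tunnel and whether the tunnel source address falls inside the LAN subnet that a local-subnet-only firewall rule would accept. The function names, the host 192.168.1.50, and the assumption that the router forwards tunnel traffic without NAT are illustrative.

```python
import ipaddress

def parse_client_config(text):
    """Pull the ifconfig/route/redirect-gateway directives out of a client config."""
    cfg = {"tun_local": None, "routes": [], "redirect_gateway": False}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts or parts[0].startswith(";"):
            continue
        if parts[0] == "ifconfig" and len(parts) >= 3:
            cfg["tun_local"] = ipaddress.ip_address(parts[1])  # client end of the tunnel
        elif parts[0] == "route" and len(parts) >= 2:
            # OpenVPN defaults the netmask to a single host when it is omitted
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)
                cfg["routes"].append(net)
            except ValueError:
                pass  # keyword or hostname routes are outside this check
        elif parts[0] == "redirect-gateway":
            cfg["redirect_gateway"] = True
    return cfg

def check_rdp_path(config_text, rdp_host, lan_cidr):
    """Report how a connection to rdp_host leaves the client and what source it carries."""
    cfg = parse_client_config(config_text)
    host = ipaddress.ip_address(rdp_host)
    lan = ipaddress.ip_network(lan_cidr)
    # Assumption: the client's current physical network does not itself use lan_cidr.
    via_tunnel = cfg["redirect_gateway"] or any(host in r for r in cfg["routes"])
    # Assumption: the router forwards tunnel traffic without NAT, so the RDP host
    # sees the tunnel address as the source of the connection.
    source = cfg["tun_local"]
    in_lan = source is not None and source in lan
    return {"via_tunnel": via_tunnel, "source": str(source), "source_in_lan": in_lan,
            "passes_local_subnet_rule": via_tunnel and in_lan}

# Directives quoted in the thread; 192.168.1.50 is a constructed RDP host address.
BEFORE = "ifconfig 10.1.0.2 10.1.0.1\nroute 192.168.1.0 255.255.255.0\n"
AFTER = ("ifconfig 192.168.1.98 192.168.1.99\n"
         "route 192.168.1.0 255.255.255.0\n"
         "redirect-gateway def1\n")

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_rdp_path(conf, "192.168.1.50", "192.168.1.0/24"))
```

With the tunnel address inside 192.168.1.0/24, a local-subnet-only RDP rule can no longer tell VPN clients from LAN hosts; a rule scoped to the VPN subnet, as in step 3 of post #3, keeps the two distinguishable.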