Linode Forum
Linode Community Forums
PostPosted: Mon Sep 08, 2014 4:04 am 
Joined: Mon Sep 08, 2014 2:53 am
Posts: 1
So far I am starting to think this may be firewall related, but hoping to receive some input from others. My goal is to be able to reach internal services while connected to my OpenVPN from any external source address. Default iptables policy = DROP.

OpenVPN has been set up and clients can successfully connect with their respective keys. While connected, clients show as having the VPN's WAN IP address, but clients cannot reach *any* internal services on the server's local LAN.

Tried to force VPN packets to be routed over the public eth0 interface to no avail. For the output of `iptables -S` see http://codepad.org/1uxj65rS

More detailed info…

## BEGIN POLICY ##
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

# /etc/ufw/rules.before
#
# Rules that should be run before the ufw command line added rules.
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT


# UFW
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To Action From
-- ------ ----
22 ALLOW IN Anywhere
Anywhere ALLOW IN xx.xxx.xx.xxx = CLIENT1 WAN address *
25 ALLOW IN Anywhere
8080 ALLOW IN Anywhere
22 ALLOW IN Anywhere (v6)
25 ALLOW IN Anywhere (v6)
8080 ALLOW IN Anywhere (v6)

* CLIENT 1 CANNOT REACH INTERNAL SERVICES FROM EXTERNAL WAN IP ADDRESSES (OWN WAN = OK)

## END POLICY ##


# ROUTING TABLE [BEFORE VPN]

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gw-xxxx.linode 0.0.0.0 UG 203 0 0 eth0
xx.xxx.xxx.0 * 255.255.255.0 U 203 0 0 eth0
server-domain.net gw-xxxx.linode 255.255.255.255 UGH 0 0 0 eth0


# Force VPN packets to be routed over the public eth0 interface
source: viewtopic.php?t=8737

ip rule add from xx.xx.xxx.xx table 128 # = SERVER IP
ip route add table 128 to xx.xxx.xxx.0/24 dev eth0 # = SERVER SUBNET
ip route add table 128 default via xx.xx.xxx.1 # = SERVER GATEWAY


# ROUTING TABLE [AFTER VPN]

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gw-xxxx.linode 0.0.0.0 UG 203 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
66.175.221.0 * 255.255.255.0 U 203 0 0 eth0
server-domain.net gw-xxxx.linode 255.255.255.255 UGH 0 0 0 eth0

`ip addr show`
41: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
valid_lft forever preferred_lft forever

# FORWARDING ENABLED
$ sysctl -p
net.ipv4.ip_forward = 1

/etc/ufw/sysctl.conf
net/ipv4/ip_forward=1


# NOTES
Client1 192.168.1.129 :: Successful pings to OpenVPN 10.8.0.1 + 10.8.0.10 [tun0]

/etc/openvpn/server.conf - http://codepad.org/EwwFKFPw
/etc/openvpn/client.conf - http://codepad.org/hXMq5HJ9

At this point, I am really uncertain what the issue could be, but suspect it is either 1. Firewall or 2. Network Routing related.

I would greatly appreciate anyone who can advise. Thanks for reading.
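Added example, not code from the original post: a POSIX shell audit of a saved firewall listing that checks the two things a practitioner would look at first in this setup, namely whether the DROP INPUT policy has any rule accepting traffic that arrives on tun0 (without one, tunnel clients can ping the tunnel endpoint but not reach services on the host), and whether the MASQUERADE source is exactly the tunnel subnet (the quoted rules.before rule uses 10.8.0.0/8, which matches all of 10.0.0.0/8, while tun0 carries 10.8.0.0/24). The interface and subnet names are the post's; the listing is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a saved firewall
# listing (combined `iptables -S` and `iptables -t nat -S` output) for an
# INPUT rule that accepts traffic arriving on the tunnel interface, which a
# DROP INPUT policy needs before tunnel clients can reach services on the
# host, and for a MASQUERADE source wider than the tunnel subnet.

# Constructed listing modelled on the post; 10.8.0.0/8 reproduces its rule.
SAMPLE_LISTING='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE'

# Succeeds when the INPUT policy is ACCEPT or some INPUT rule accepts
# packets arriving on the tunnel interface ($2).
input_accepts_tun() {
    printf '%s\n' "$1" | grep -q -- '^-P INPUT ACCEPT' && return 0
    printf '%s\n' "$1" | grep -- '^-A INPUT ' | grep -- "-i $2 " | grep -q -- '-j ACCEPT'
}

# Succeeds when every MASQUERADE rule's -s source is exactly the tunnel subnet ($2).
masq_scope_matches() {
    srcs=$(printf '%s\n' "$1" | grep -- '-j MASQUERADE' | sed -n 's/.*-s \([^ ]*\).*/\1/p')
    [ -n "$srcs" ] || return 1
    for s in $srcs; do
        [ "$s" = "$2" ] || return 1
    done
}

# Prints one finding per line and nothing when the listing passes.
audit_vpn_firewall() {  # $1 listing, $2 tunnel interface, $3 tunnel subnet
    input_accepts_tun "$1" "$2" ||
        echo "MISSING: no INPUT rule accepts traffic on $2; policy DROP blocks tunnel clients"
    masq_scope_matches "$1" "$3" ||
        echo "SCOPE: MASQUERADE source is not exactly $3; a wider mask NATs more than the tunnel"
}

audit_vpn_firewall "$SAMPLE_LISTING" tun0 10.8.0.0/24
```

With ufw the equivalent allow rule is `ufw allow in on tun0`, which lands in ufw's own INPUT sub-chains rather than INPUT directly, so a live audit would also grep those chains.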

