OpenVPN client with two interfaces

I have found many resources describing how to expose networks behind an OpenVPN server, but I could not find much about the following situation:

  • one of the clients has got two interfaces

  • one interface is connected to the internet

  • through that interface OpenVPN traffic is routed (tun)

  • OpenVPN network is configured as 10.10.0.0/24

  • another interface on that client is configured as 192.168.0.0/24

  • on that 192.168.0.0/24 network I have an internal web server

I have another OpenVPN client sitting in a separate location, and it is also configured to sit in network 10.10.0.0/24.

How can I make the internal web server on my first OpenVPN client's network (as described above) available from my other OpenVPN client?


You can use push-route to push routes to your clients when they connect. You will, I think, need to use client-config-dir and "route" too.

Let's assume your first client (with the 2nd NIC) is C1, and the other one is C2.

Here's an example for the server config:

push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0

Then, in the ccd directory, you need to create a file named "C1":

iroute 192.168.0.0 255.255.255.0

(indicating this client can route to this subnet)

You may also need to locally configure your router, adding static routes to indicate that your local OpenVPN client can route traffic to specific subnets. So far, C2 should have access to C1, but anything on C2's subnet won't. If C2's subnet should have access to C1's 192.168.0.0/24 subnet, you'll need to set up your local router with a route saying C2 is the way to 192.168.0.0/24. (Of course, depending on your setup, there may be other ways to do it.) If that's what you want, you'll need to enable IP routing on C2 (under Windows: https://answers.microsoft.com/en-us/windows/forum/windows_7-networking/how-to-enable-ip-routing-in-windows-7/8970e722-e947-460d-80d5-fd6ffc850f3f?auth=1, under Linux: https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent).
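An added example, not part of the original answer: a small Python check that the three pieces in the answer (the server `route`, the pushed route, and the `iroute` in the ccd file) actually line up, since a missing one makes the subnet silently unreachable. It goes slightly beyond the answer by also reporting when `client-to-client` is absent; the function names are hypothetical and the sample input is constructed from the directives shown above.

```python
import ipaddress
import shlex

# Constructed sample input: the server directives and ccd file shown in the answer.
SERVER_CONF = '''
push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
'''
CCD_FILES = {"C1": "iroute 192.168.0.0 255.255.255.0\n"}

def directives(text):
    """Yield each config line as a token list, skipping blanks and # or ; comments."""
    for line in text.splitlines():
        if not line.lstrip().startswith(";"):
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def check_client_subnet(server_conf, ccd_files):
    """Return findings about the route / iroute / push wiring for client-side subnets."""
    routes, pushed, flags = set(), set(), set()
    for tok in directives(server_conf):
        inner = tok[1].split() if tok[0] == "push" and len(tok) > 1 else []
        if tok[0] == "route" and len(tok) >= 3:
            routes.add(net(tok[1], tok[2]))      # server-side route into the tunnel
        elif inner[:1] == ["route"] and len(inner) >= 3:
            pushed.add(net(inner[1], inner[2]))  # route handed to connecting clients
        else:
            flags.add(tok[0])
    findings = []
    for cn, text in ccd_files.items():           # ccd file name must equal the client's CN
        for tok in directives(text):
            if tok[0] != "iroute" or len(tok) < 3:
                continue
            subnet = net(tok[1], tok[2])
            if "client-config-dir" not in flags:
                findings.append(f"{cn}: iroute {subnet} never read, no client-config-dir")
            if not any(subnet.subnet_of(r) for r in routes):
                findings.append(f"{cn}: no server 'route' covers {subnet}")
            if not any(subnet.subnet_of(p) for p in pushed):
                findings.append(f"{cn}: {subnet} is not pushed to the other clients")
    if "client-to-client" not in flags:
        findings.append("server: no client-to-client, the server host must forward between clients")
    return findings
```

Run against the answer's configuration, the only finding is the `client-to-client` one: without that directive, traffic from C2 to 192.168.0.0/24 passes through the server host's own routing and firewall, which is also where it can be filtered.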