Чтобы пакеты для сети 192.168.0 шли через VPN надо добавить
route 192.168.0.0 255.255.255.0
в конфиг сервера
https://openvpn.net/index.php/open-source/document...--iroute network [netmask]
Generate an internal route to a specific client. The netmask parameter, if omitted, defaults to 255.255.255.255.
This directive can be used to route a fixed subnet from the server to a particular client, regardless of where the client is connecting from. Remember that you must also add the route to the system routing table as well (such as by using the --route directive). The reason why two routes are needed is that the --route directive routes the packet from the kernel to OpenVPN. Once in OpenVPN, the --iroute directive routes to the specific client.
This option must be specified either in a client instance config file using --client-config-dir or dynamically generated using a --client-connect script.
The --iroute directive also has an important interaction with --push "route ...". --iroute essentially defines a subnet which is owned by a particular client (we will call this client A). If you would like other clients to be able to reach A's subnet, you can use --push "route ..." together with --client-to-client to effect this. In order for all clients to see A's subnet, OpenVPN must push this route to all clients EXCEPT for A, since the subnet is already owned by A. OpenVPN accomplishes this by not not pushing a route to a client if it matches one of the client's iroutes.
это даст доступ с сервера в сеть клиента. Чтобы пакеты ходили между сетями клиента и сервера, добавить в конфиг сервера
push "route 192.168.1.0 255.255.255.0"
или
в конфиг клиента
route 192.168.1.0 255.255.255.0