Solved No comm between VPN Server clients and LAN devices => add of static routes required ?

[Latruffe]

Hello,
hoping my post is in the right discussion.

Context :
I'd like to setup an openVPN server on my router (RT-AC5300, Asuswrt Merlin 386.4), to access some of my LAN devices from internet (printer, NAS,...)
Since some of my clients don't support TAP, I've got to setup TUN type.
Then I configured a VPN network 192.168.3.1/24, while my router LAN network is 192.168.2.1/24.
I've setup and tested one of my clients successfully (as far as connection to VPN server is concerned).

Issue :
From the client 192.168.3.2), I can ping the VPN server (192.168.3.1). But I cant' ping the LAN server (192.168.2.1), nor for example the NAS on the LAN (192.168.2.2).
The same from any device on the LAN : I can't ping neither VPN server (192.168.3.1) nor any VPN client (192.168.3.x).

Then, is there static routes to define explicitly, to allow VPN clients access to LAN ressources ?
I've tried to setup these (Menu LAN > Route) :
Network Netmask Gateway Interface
192.168.3.1 255.255.255.0 192.168.2.1 VPN
192.168.2.1 255.255.255.0 192.168.3.1 LAN

But it doesn't solve the issue.
Note: concerning interface, I don't really know what is the right choice among LAN, MAN, WAN, VPN.
I even have doubt about VPN, since my router is also configured as VPN client (NordVPN like), so is this interface the server I'm trying to setup or the client one ?

User manual is not verbose about the case.
And I've searched a lot on internet about my issue, but most of the time there's only a quick how to setup a VPN server, "and voila !", without dealing with the fact that TUN type forces to get a subnet different from the LAN.

If someone already encountered and solved my issue, it will be very helpful.
Any other advice is also welcome, of course.
Thanks by advance

 

[ColinTaylor]

Don't create static routes, you'll only make things worse. The VPN client and server will create the correct routes automatically.

Check your client and server configurations again (e.g. make sure Client will use VPN to access is set to LAN or both). Look for errors when connecting in the logs on the client and the router.

 

[Latruffe]

Sorry for the delay, I only can handle my router at night to avoid my wife and children screaming "there's no wifi !!"
Indeed, removing static routes was helpful.
I manually flushed the table and reboot the router to be sure ("belt and suspenders").
And ta-da ! It's working perfectly.
From the VPN client route table shows route for 192.168.2.1/24, and from the LAN route table shows route for 192.168.3.1/24
I successfully access NAS shres from VPN client.
I didn't have time to test ping commands but I don't know if ICMP request are allowed then I don't consider this test as relevant.

In VPN logs, no error appears.
And FYI, I already set Client will use VPN to access is set to LAN.

Thanks for your help

My next step will be to disable compression in my VPN, but it's another issue...