OpenVPN provides powerful routing capabilities allowing the network administrator to direct traffic from clients where it needs to go. These routes can place entire subnets behind specific client connections, through other routers on the server side, or out to the Internet. There are two distinct zones when discussing routing and VPNs. I like to classify them as internal and external.

Regardless of which bucket your routes go into, it is vitally important to consider that both endpoints in the route need to know how to reach the other. There are varying techniques for accomplishing this: static routes, dynamic routes, NAT/PAT, and so on. Failure to ensure that there is a return path will prevent useful traffic from flowing.

In the following ...