OpenVPN 1.5 routing not funcional

Hello all! I have to ask how I may configure my VyOS device to be able to run as an OpenVPN server and be able to use it as a way to connect to the private server being hosted on it.

Here are the server configurations:

openvpn vtun1 {
     local-port 1194
     mode server
     protocol udp
     server {
         client client1 {
         push-route {
         topology subnet
     tls {
         ca-certificate ca
         certificate server
         dh-params dh

The clients trying to access are individuals and their machines, rather than another VyOS machine. So there are files like client1.crt, client1.key & ca.crt for each client on said machines.

So far, I’ve been able to technically connect to the VyOS machine via OpenVPN on a client machine, however, I have not been able to access the private network that’s being hosted within its server. The only thing even pingable is the client’s own ip (

Anyone know any good tips or configuration changes I must follow to correct this?

Thank you for reading!

Extra info:

Client configuration file:

remote xxxxx # censored
remote-cert-tls server
proto udp
dev tun1
verb 3
mute 3

ca	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\ca.crt"
cert	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\client1.crt"
key	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\client1.key"

keysize 256
comp-lzo no

Welcome to the Vyos forums!

Do hosts on the network have a router back to your VPN client(s)?

What does the routing table look like on a host when it’s connected, do you see the pushed route being installed in the client’s routing table?

Thanks for having me!

The same router that hosts the OpenVPN server also hosts a DHCP server, which is providing the private network and IPs to the devices on So I believe that the devices might not have any routing to the VPN server, as I’ve only started OpenVPN configuration after the main server configuration was done.

Here is what the server’s routing looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    20     0        0 eth0 # Censored   U     0      0        0 vtun1   U     20     0        0 vtun1   U     0      0        0 eth1 U     0      0        0 eth0 # Censored

Here is a host’s routing:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    20     0        0 eth1   U     0      0        0 eth1 U     0      0        0 eth0 # Censored

Here is my client’s routing:

Network Destination        Netmask          Gateway       Interface  Metric         On-link    281         On-link    281         On-link    281         On-link    281

I don’t see the route actually being pushed onto the client, no.

Thanks for the reply though!