And where do you push the route to your LAN? And your tunnel is part of your LAN network. Why in the world would you set your LAN for 10.0.0.0/8? Or in your client tell it default route is down the tunnel.
Here is the config from my server, from /var/etc/openvpn/server1.conf:
keepalive 10 60
server 10.0.200.0 255.255.255.0
management /var/etc/openvpn/server1.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN local.lan"
push "dhcp-option DNS 192.168.1.253"
push "dhcp-option NTP 192.168.1.40"
tls-auth /var/etc/openvpn/server1.tls-auth 0
Only thing that needs to be hidden is my public IP there.
Here is the client:
remote 24.13.xx.xx 443
tls-auth pfsense-TCP-443-tls.key 1
Notice in the server where I push the route.
I can access anything on my LAN without any issues. And even can resolve them by name because I push my local DNS to my clients.
Pinging i5-w7.local.lan [192.168.1.100] with 32 bytes of data:
Reply from 192.168.1.100: bytes=32 time=127ms TTL=127
Reply from 192.168.1.100: bytes=32 time=118ms TTL=127
I use TCP 443, because UDP 1194 is rarely open at a remote location outbound, and if there is internet, 443 is going to be open. I also bounce this access off my HTTP proxy at work, because they don't allow direct internet access.
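
The two points raised in this post (the tunnel network must not sit inside the LAN, and the server must push a route for the LAN) can be checked mechanically. The following is an added example, not part of the original post: the function names and the sample text are constructed here, with the sample reusing the `server` and `push` lines quoted above.

```python
import ipaddress
import re

# Constructed sample: the server/push lines quoted in the post.
SAMPLE_CONF = '''\
keepalive 10 60
server 10.0.200.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.253"
'''

def parse_server_conf(text):
    """Return (tunnel_network, [pushed_route_networks]) from server config text."""
    tunnel, routes = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blank lines and comments
            continue
        m = re.match(r'server\s+(\S+)\s+(\S+)', line)
        if m:
            tunnel = ipaddress.ip_network("/".join(m.groups()), strict=False)
        m = re.match(r'push\s+"route\s+([^\s"]+)\s+([^\s"]+)', line)
        if m:
            routes.append(ipaddress.ip_network("/".join(m.groups()), strict=False))
    return tunnel, routes

def check(text, lan_cidr):
    """List problems: tunnel overlapping the LAN, or LAN not covered by a pushed route."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    tunnel, routes = parse_server_conf(text)
    problems = []
    if tunnel is None:
        problems.append("no 'server' directive found")
    elif tunnel.overlaps(lan):
        # Clients cannot tell tunnel addresses apart from LAN addresses.
        problems.append(f"tunnel {tunnel} overlaps LAN {lan}")
    if not any(lan.subnet_of(r) for r in routes):
        # Without a pushed route (or a default route down the tunnel),
        # clients send LAN traffic out their local gateway instead.
        problems.append(f"no pushed route covers LAN {lan}")
    return problems

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "10.0.0.0/8"):
        print(lan, check(SAMPLE_CONF, lan) or "ok")
```

The check does not account for a client that sends its default route down the tunnel, so in that setup the "no pushed route" finding can be ignored.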