1. all computers on a local network know about all others on the same local network 2. if a request comes from a computer on an outside network, by default, responses are routed to the default gateway 3. open vpn has two modes, routing and bridging. a. routing creates a vpn connection ip with an address external to the local network. b. bridging creates a vpn connection ip with an address in the local network. 4. if we are using routing mode, the open vpn ip address will be external to the local network, so all of the other computers on the local network will route responses to the open vpn connection to their default gateway, which is not the open vpn connection 5. they by defaut, will also not know how to send requests to the open vpn connection. 6. there are two solutions. a. one is to switch to bridging mode, but this may introduce other problems (possibly overlapping ip ranges or other things i don’t know about) b. the other is to use a static route / iptables solution i. set static routes on each computer in the local network. ii. on the open vpn server/client, set iptable rules to forward and masquerade traffic between interfaces on the open vpn server/client. 7. static routes are for traffic that must not, or should not, go through the default gateway. 8. iptables forwarding is required for forwarding traffic from one network interface on a computer, to another interface on the same computer. one kernel configuration also needs to be changed to allow this. 9. iptables masquerading is for getting computers on the local network to think that traffic from an external source has come from locally and vice versa. 10. lastly, when you may invariably have to begin troubleshooting the connection, it is important to remember that packet routing does not have to come back via the same path as the the path it took to get to the destination. always traceroute from both ends.