ANSWERED After VPN connect the server is only reachable from own subnet

[kieselblitz 1]

in short, i have the following subnets, they separated via VLAN and firewall
192.168.2.0/24 --> Clients
192.168.4.0/24 --> DMZ
The server is within the DMZ and for management purposes I usually connect via ssh from a computer thats in the client subnet.
So far so good.
After I successful bring up the vpn tunnel on the server (openvpn) I only able to connect the server from machines within the same subnet. A connection from the client network will not work anymore.
Some ideas what did I wrong?

Edited ... by kieselblitz
more specific

[OpenSourcerer 1435]

On 5/12/2022 at 10:19 PM, kieselblitz said:

After I successful bring up the vpn tunnel on the server (openvpn) I only able to connect the server from machines within the same subnet. A connection from the client network will not work anymore.

That is because OpenVPN only sets a route for the subnet of the interface from which it's connecting. Everything else is routed inside the VPN, and so are the connections from 192.168.2.0/24. What you need to do is add a custom route, either via Preferences > Routes or via the route directive in Preferences > OpenVPN directives.
The directive would be:

route 192.168.2.0 255.255.255.0 net_gateway

In Routes you'd set:

• IP/Host/Range: 192.168.4.0/24
• When connected: Outside tunnel
• Notes: [optional]

Be advised: If you set the option to use Hummingbird in Preferences > Advanced, the directive won't work. In this case try using the setting in Routes.

[kieselblitz 1]

Thank you very much. That was the solution for my problem.
On my Ubuntu I solved it as follows:
vi /etc/netplan/00-installer-config.yaml

network:
  ethernets:
    enp3s0:
      dhcp4: true
      routes:
      - to: 192.168.2.0/24
        via: 192.168.4.1
  version: 2

after saving
sudo netplan apply
works fine 🙂