Open VPN Access Server uses NAT (Network Address Translation) to “ease” routing VPN user traffic to the rest of a remote network. This isn’t always a desirable configuration.
If you want to disable NAT globally, you can do so by logging into the shell as a root user on your OpenVPN Access Server and doing the following:
cd /usr/local/openvpn_as/scripts
./sacli --key vpn.server.nat --value false ConfigPut
./sacli start
This globally disables NAT on the box and you can then use routing tables on your network to manage traffic flow. This is handy when you already have an established network with a device (or two) that are handling routing for you and will definitely fit some use cases.
For clarity’s sake I will go ahead and state the following: This is for OpenVPN ACCESS SERVER, not for the open-source/free community edition. They are very different beasts so take note of which you are using.
References:
https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html