I'm setting up an office VPN so people can work from home, by RDP'ing into their office machines after connecting to a VPN server that sits on the office LAN. It won't be as simple as creating a VPN server in the office and connecting every device directly to it internally and externally. Externally, fine; internally, nope (it's just not practical).
I'll attempt a visual route:
(homepc)<encrypt>internet(office routerF/W)lan(vpn server)<decrypt>lan(officepc)
This is the server config file for openvpn:
```
local 192.168.0.2
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
client-to-client
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
```
I feel like I need to add some routing in somewhere but I'm not sure. Any pointers to more info or some help with this would be much appreciated.
I should probably add that it is not important for the office machines to establish connections in the other direction, meaning people at work don't have to be able to RDP to their home machine. I guess office side this would look like all RDP traffic appears to be coming from one machine: the VPN server based on the LAN.
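The two pieces the post is circling around are (a) a `push "route ..."` line so the home PC learns that the office subnet lives behind the tunnel, and (b) forwarding plus NAT on the VPN server so that office PCs, which have no route back to 10.8.0.0/24, see the traffic as coming from the server itself. The script below is an added example and is not from the original post or from the OpenVPN project; the subnet 192.168.0.0/24, interface names eth0/tun0 and the RDP port are assumptions and should be adjusted to the real network. It only generates the lines to review; applying them is left to the administrator.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the server.conf
# addition and the firewall/NAT rules needed so VPN clients can RDP to
# machines on the office LAN via the VPN server.
#
# Assumed values (placeholders, change to match the real office):
LAN_CIDR="192.168.0.0/24"   # office LAN the VPN server sits on (local 192.168.0.2)
VPN_CIDR="10.8.0.0/24"      # the "server 10.8.0.0 255.255.255.0" pool
LAN_IF="eth0"               # VPN server's LAN-facing interface
TUN_IF="tun0"               # OpenVPN tunnel interface (dev tun)
RDP_PORT="3389"             # RDP listener on the office PCs

# OpenVPN's push "route" directive wants a dotted netmask, not a /prefix,
# so convert the prefix length (POSIX sh arithmetic only).
prefix_to_mask() {
    bits=$1; mask=""
    for _ in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$(( (255 << (8 - bits)) & 255 )); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    printf '%s\n' "$mask"
}

# Line to append to server.conf. Without it the home PC has no route to
# 192.168.0.x, so RDP packets never enter the tunnel.
server_conf_lines() {
    net=${LAN_CIDR%/*}; bits=${LAN_CIDR#*/}
    printf 'push "route %s %s"\n' "$net" "$(prefix_to_mask "$bits")"
}

# Commands for the VPN server itself. Masquerading makes LAN replies come
# back to the server (no route for 10.8.0.0/24 is needed on office PCs),
# which is exactly the "all RDP traffic appears to come from one machine"
# effect described in the post. Forwarding is deliberately limited to RDP
# from the tunnel into the LAN plus the return traffic, so a VPN client
# cannot reach arbitrary LAN services through the server.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_CIDR -o $LAN_IF -j MASQUERADE
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -s $VPN_CIDR -d $LAN_CIDR -p tcp --dport $RDP_PORT -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -j DROP
EOF
}

# Print everything for review; nothing here is applied automatically.
echo "# add to server.conf:"
server_conf_lines
echo "# run on the VPN server (as root):"
nat_rules
```

Because `client-to-client` is already in the config, clients can also see each other on 10.8.0.0/24; the FORWARD rules above only govern traffic leaving the tunnel towards the LAN, so remove that directive if home PCs should only ever talk to office machines.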