hello everyone,
i think i have reached a point of burnout here.. and i need someone to follow through my steps, see where i am faulting please please....

here is the story:
home network:
-subnet 192.168.0.0/24,
-gateway (@ the modem/router) 192.168.0.1
-slackserv@home linux slackware with openvpn daemon running as server too 192.168.0.6
-slackclient@home 192.168.0.19 a linux slackware random client
-winxp@home 192.168.0.3

office network
-subnet 192.168.1.0/24
-gateway (@ a windows 2008 server box) 192.168.1.2
-gateway (@ modem/router) 192.168.1.1 (is not used as a gateway at the moment but could)
-winxp@work with openvpn daemon running as vpn client 192.168.1.107
-slack@work a slackware box i recently installed at work 192.168.1.10

vpn network
-subnet 192.168.144.0/24
-vpn server 192.168.144.1, on iface 192.168.0.6 at home's network
-vpn client winxp@work (among others) 192.168.144.10, on iface 192.168.1.107 at works network.


i basically want all pcs from the home network to be able to see all pcs at work..and vice versa..
i have managed (finally!) to get the client-side computers (work network) to see the server side computers.... but i still can't get the opposite to work..
for the purposes of starting from somewhere, ssh'ing from slackclient@home towards slack@work would be wonderful..

Theoretically speaking, the way i understand networks, the following should apply:
the gateway@home should incorporate static routes to redirect traffic with destination 192.168.144.0/24 (vpn) and -more importantly-192.168.1.0/24 (work) subnets to the vpn server gateway slackserv@home.
this way, any pc at the home subnet, will be able to ping/ssh etc. addresses directly in the work subnet.

once packets reach the slackserv@home, iptables will have to accept traffic with destination to vpn and work subnets. Since the vpn server will do the redirecting (by using the routing table - correct me if im wrong in this), the input chain is the one that should allow traffic that originates from the home subnet and is destined for the work subnet). note that prerouting chain is left empty.
so a rule like,
should do there trick....


then packets destined for work subnet, are delivered to the tun interface, following routing table rule
(a rule that the vpn daemon generated, in boot up)

is there a postrouting directive that i should add to the iptables chain like snat or smth?

finally they leave the vpn server and reach the vpn client winxp@work..
if the tun interface at the client is NOT firewalled, packets should quickly follow the clients routing table and be redirected to the ethernet adapter, and from there on, get delivered to the pc@work with the corresponding ip address...

well if that is the theory, practice doesn't work for me :P

even without running any firewall on slackserv@home, slackclient@home, winxp@work and gateway@work... i still cant get access to the slack@work from slackclient@home....aarrrgghh

i followed the openvpn HOW TO http://www.openvpn.net/index.php/ope...wto.html#scope word by word...
-so i added a file at the client-config-dir with filename the common name of the vpn client and contents -i went back to the server configuration and added the path to this file (in the client) as
i checked that ip_foward is enabled at the slackserv@home (vpn server)..
finally all firewalls are down..
and if i do traceroute from slackclient@home towards slack@work i get the following

during vpn negotiations things seem to start normally

(some lines have been intentionally left out) - rodos is the common name of the winxp@work client vpn certificate...

PLEASE Please please,
if you have managed to make visible the client side network to the server side network in a similar topology... can you give me any hints?
Thank you in advance for your help...

hm i solved it finally,
the eth iface on the winxp@work (cpn client) had its connection shared...
apparently that caused the fuss...
so NOT sharing the local area connection did the trick....