I'm somewhat stuck in a problem that seems easy at first, just that I don't know how to solve it and everything I'm googling only gets me examples I don't need.

I have a VPN server. I know the public address, I know how to connect to it with a client.
Said client accesses everything on the VPN server lan.
But from the lan, you can't access anything on the client.

Every example on the internet just pushes the client subnet to the server. Which is fine when you know your subnet beforehand.
And my problem is that I want to set it up so it works even when IPs and subnets are not known beforehand, like clients connecting through a 3G/LTE or whatever mobile data-plan they have.

Summary:
How can I modify clients/server config files so that the VPN tunnel is truly bi-directional, whatever the IP/subnet the clients get.

Thanks a lot for any help.

You're saying client like, single ip client? So like, is the scenario "I take my laptop to the coffee shop with public wifi, I connect to vpn, and I want to be able to call back to the webserver I run on my laptop"?

Or are you more in a "I have two sites, and I'm trying to set up a network between them but can't predict the client-side ip space of the remote site"?

Or is this something else entirely?

That said, you might have better luck hitting up serverfault (http://serverfault.com/), the openvpn forums (https://forums.openvpn.net/), or their irc (##openvpn on freenode) ...

Hi,
Second case, site to site VPN over 3G on one side, no fixed IP and subnet on that side.

Since I have a DDWRT router (3500L), I might try wifi bridging and use openvpn client abilities from said router and push his lan route rather than the 3G one. But I'm a noob in all network related subjects...


Thanks for the links, I'll check that probably over next week-end.