[ubuntu] OpenVPN Service works, but VPN Server can't see my local network

view full story

http://ubuntuforums.org – Dear community, I have set up my OpenVPN configuration in such a way that I can log in from remotely (via the Internet) to my local network. However, as I am very lazy (problem one), I only want users to use one set of certificates, but forcing them to log in with their own username and password that is on an LDAP server somewhere within my local network. My problem (the real problem) is this, if the VPN service is running on the VPN-Server then I cannot "see" my local network for any LDAP queries from my VPN-Server... when I shutdown OpenLDAP and reconfigure my interfaces file, then obviously it works ... I narrowed my "problem", according to myself, down to the "routing table". My configuration is as follows: internet - <eth1> VPN-Server <eth0> - local network - <eth0> LDAP-Server my interfaces file is: Code: auto lo eth2 eth0 eth1 br0  # Loopback device  iface lo inet loopback  # Internet interface  iface eth1 inet static   address   netmask   broadcast   gateway   dns-nameservers   pre-up echo 1 > /proc/sys/net/ipv4/ip_forward   up /sbin/iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE   down /sbin/iptables -t nat -F   post-down echo 0 > /proc/sys/net/ipv4/ip_forward    # WAN interface  iface eth0 inet static   address   netmask   network   broadcast   post-up route add -net gw  # OpenVPN interface  iface br0 inet manual   up openvpn --mktun --dev tap0   up ifconfig eth0 promisc up   up ifconfig tap0 promisc up   up brctl addbr br0   up brctl setfd br0 0   up brctl stp br0 off   up brctl addif br0 eth0   up brctl addif br0 tap0   up ifconfig br0 netmask up   up route add -net gw   down ifconfig br0 down   down brctl delif br0 tap0   down brctl delif br0 eth0   down brctl delbr br0   down openvpn --rmtun --dev tap0   down ifconfig eth0 netmask broadcast network   down route add -net gw like i said, the VPN function works fine, but their has to be a user within my VPN-Server else I can't use my LDAP-Server, because I can't "see" my network ... from within my VPN-Server Please help me, it will really make my frustration level a bit better ... (HowTos)