On Wed, Nov 3, 2010 at 7:05 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> You probably are forwarding packets to the other end of the vpn. Does whatever
> is on the other end have a route back to your 192.168.144.x range through that
> end of the vpn?

Ah, that may indeed be the problem. I'm a bit rusty with this stuff. The CentOS box is doing IP forwarding, but that doesn't mean that it's actually acting as a NAT? On the far end, 192.168.144.0/255 would just use the default route, which is to the gateway for the network to which the VPN is connected. There's no explicit route for my LAN range.

> Connections from the server itself will source from the tunnel
> address, not the LAN.

Well, yeah, that part I expected. I was presuming the return packets would go back to the tunnel address, which would send them to my server, which would then NAT them back to the original LAN source; but maybe that translation isn't happening where I thought it was.
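
Added example, not part of the original message: a shell check that tells a gateway that only forwards apart from one that also NATs LAN traffic into the tunnel, which is the distinction this reply turns on. The interface name tun0, the /24 mask and both rule sets are constructed assumptions; on a live box the inputs would come from /proc/sys/net/ipv4/ip_forward and iptables-save.

```shell
#!/bin/sh
# has_tunnel_nat IFACE  (reads iptables-save text on stdin)
# Succeeds if the nat table holds a POSTROUTING rule that leaves via IFACE
# and jumps to MASQUERADE or SNAT.
has_tunnel_nat() {
    awk -v ifc="$1" '
        /^\*/ { table = $1 }                  # table header: "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = 0; nat = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i+1) == ifc) out = 1
                if ($i == "-j" && ($(i+1) == "MASQUERADE" || $(i+1) == "SNAT")) nat = 1
            }
            if (out && nat) found = 1
        }
        END { exit !found }
    '
}

# gateway_mode IP_FORWARD_VALUE IFACE RULES_TEXT
# Prints no-forward, forward-only or nat.
gateway_mode() {
    if [ "$1" != "1" ]; then echo "no-forward"; return; fi
    if printf '%s\n' "$3" | has_tunnel_nat "$2"; then
        echo "nat"            # far end sees the tunnel address as source
    else
        echo "forward-only"   # far end sees 192.168.144.x and needs a route back
    fi
}

# Constructed sample: forwarding allowed, no NAT rule at all.
RULES_FORWARD_ONLY='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT'

# Constructed sample: LAN traffic is masqueraded when leaving via the tunnel.
RULES_WITH_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.144.0/24 -o tun0 -j MASQUERADE
COMMIT'

echo "forward-only sample: $(gateway_mode 1 tun0 "$RULES_FORWARD_ONLY")"
echo "nat sample:          $(gateway_mode 1 tun0 "$RULES_WITH_NAT")"
```

A forward-only result matches the symptom in this thread: LAN packets reach the far end with their 192.168.144.x source intact, so replies follow the far end's default route unless a route for that range is added there or the gateway is made to NAT.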