OpenWrt Forum Archive

Topic: Setting Up OpenVPN for remote lan access

The content of this topic has been archived on 2 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to set up a facility where a portable router using mobile phone tethering (or wifi or WAN) connects to a server and makes its LAN visible to the server. The IP address range varies from place to place, so the server should provide the address range (the field service engineers need to just plug it in! The configuration should be at the server).

Ideally: client 1 (programmer) --- Server ---- client 2 (remote machine) ----- LAN ----- target machine (PLC, programmable logic controller).

So far I have set up the server and client, but the issue is everything is looking at the server LAN. Does anybody know what mode I need the OpenVPN in? Suggested settings would be really cool!
I am using a GL-MT300N on OpenWrt for my client (remote machine) and my test server is a Netgear R7000 on Shibby's TomatoUSB. The ease of connecting the remote client is cool but the networking side is a pain!
Can anybody point me in the right direction (tun/tap, mode, etc.)?
Many thanks
Apologies if this is a repost - I got a "you don't have permission" message last time.
Jon

Use a standard TUN configuration.

All of the client LAN networks need to have different IP ranges so there is no ambiguity at the server.  And all of them different from the server's LAN of course.  It doesn't seem possible or practical to assign them dynamically, since everything on the client's LAN would have to change.
Create and deploy client certificates with a different CN for each client.  This will uniquely identify the client to the server when it connects.  You could put the IP that the client uses in the name to remind you.
Then in the server's /etc/config/openvpn you need to set up per-client configuration by naming a directory:

    option client_config_dir '/etc/openvpn/ccd'
    option route '192.168.6.0 255.255.255.0' 

The second line creates a route in the server's routing table for each client.  So you need one such line per client with the client network's different IP for each one.  These routes won't lead anywhere until the client connects, but that is OK.
In the /etc/openvpn/ccd directory (or wherever you configured client_config_dir), make a file for each client with the same name as the CN in the client's certificate. The content of the file is an "iroute" specifying the client's LAN.

    iroute 192.168.6.0 255.255.255.0

Now when a client network connects, its LAN will be tunneled to the server and added as a route, so any device on the server's LAN can access it using the client's LAN IP.

(Last edited by mk24 on 19 Aug 2017, 15:13)
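
Added example, not part of mk24's post: a consistency check for the setup described above, confirming that every ccd "iroute" has a matching server "route" line, that every server route is claimed by some client, and that no client LAN overlaps another client's or the server's LAN. The CNs, the 192.168.7.0 and 192.168.8.0 networks and the server LAN 192.168.1.0/24 are constructed sample values.

```python
import ipaddress
import re

def parse_nets(text, keyword):
    """Return the networks named by '<keyword> <net> <mask>' entries in text."""
    pat = re.compile(r"\b%s\s+'?(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)" % keyword)
    return [ipaddress.ip_network("%s/%s" % m.groups()) for m in pat.finditer(text)]

def audit(server_lan, server_cfg, ccd_files):
    """server_cfg: text of /etc/config/openvpn; ccd_files: {CN: ccd file text}."""
    findings = []
    lan = ipaddress.ip_network(server_lan)
    routes = set(parse_nets(server_cfg, "route"))
    owners = {}  # client network -> CN whose ccd file declares it
    for cn, text in sorted(ccd_files.items()):
        for net in parse_nets(text, "iroute"):
            if net not in routes:
                findings.append("%s: iroute %s has no matching server route" % (cn, net))
            if net.overlaps(lan):
                findings.append("%s: %s overlaps server LAN %s" % (cn, net, lan))
            for other, other_cn in owners.items():
                if net.overlaps(other):
                    findings.append("%s: %s overlaps %s of %s" % (cn, net, other, other_cn))
            owners[net] = cn
    for net in sorted(routes - set(owners)):
        findings.append("server route %s has no iroute in any ccd file" % net)
    return findings

# Constructed sample data: one route line per client, as the post describes.
SERVER_CFG = """
    option client_config_dir '/etc/openvpn/ccd'
    option route '192.168.6.0 255.255.255.0'
    option route '192.168.7.0 255.255.255.0'
"""
CCD = {  # file name == certificate CN (constructed names)
    "site-192-168-6": "iroute 192.168.6.0 255.255.255.0\n",
    "site-192-168-8": "iroute 192.168.8.0 255.255.255.0\n",
}

if __name__ == "__main__":
    for line in audit("192.168.1.0/24", SERVER_CFG, CCD):
        print(line)
```
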

Thank you so much! I will be all over it testing this weekend! This looks like a big step in the right direction, thank you for taking the time to explain.

My first post was missing an important point, I have edited it.

Noted, many thanks

Surprisingly challenging to make a like-for-like test rig! But so far I have connection and the routes working OK using the instructions posted above by mk24. Now my challenge is: I cannot ping the remote router and 'see' its LAN from the server. I have done some messing with the firewall but to no avail. Any thoughts?

In case anyone is following this trying to do the same, id=71856 is more recent and has a working solution.
