Hosts on LAN seem not to be accessible from VPN clients
We currently use routed VPN (tun), and VPN clients have IP addresses from a different subnet.
For example:
LAN: 192.168.1.0/24
VPN: 10.111.111.0/24
Actually, hosts on the LAN are reachable, as packets are routed to the LAN subnet, but from the VPN client's point of view, the host on the LAN looks unreachable.
For example: a web server on 192.168.1.25 with at least a basic firewall will reject the packets because of the unexpected source IP.
10.111.111.2 (client) -> 192.168.1.25:80 (target host)
Perhaps 1:1 NAT would help here?
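
The situation in the post, modeled as an added example (not part of the original post): a host firewall that only accepts LAN sources, evaluated against the routed setup, source NAT at the VPN gateway, and an extended allow list on the host. The gateway LAN address 192.168.1.1 and all function names are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")          # from the post
VPN = ipaddress.ip_network("10.111.111.0/24")         # from the post
GATEWAY_LAN_IP = ipaddress.ip_address("192.168.1.1")  # assumed, not in the post


def host_firewall_accepts(src, allowed_nets):
    """Basic host firewall: accept only sources inside an allowed network."""
    return any(ipaddress.ip_address(src) in net for net in allowed_nets)


def netmap(src, from_net, to_net):
    """1:1 NAT: keep the host bits, swap the network prefix."""
    src = ipaddress.ip_address(src)
    if src not in from_net or from_net.prefixlen != to_net.prefixlen:
        raise ValueError("source outside mapped range or prefix mismatch")
    offset = int(src) - int(from_net.network_address)
    return ipaddress.ip_address(int(to_net.network_address) + offset)


def source_seen_by_host(src, mode):
    """Source address the LAN host sees after the VPN gateway forwards it."""
    src = ipaddress.ip_address(src)
    if mode == "routed":        # current setup: source address unchanged
        return src
    if mode == "masquerade":    # many-to-one: every client appears as the gateway
        return GATEWAY_LAN_IP
    if mode == "netmap":        # 1:1 NAT into the LAN range; the mapped address
        return netmap(src, VPN, LAN)  # can collide with a real LAN host
    raise ValueError(f"unknown mode: {mode}")


def evaluate(client="10.111.111.2"):
    """Return, per setup, whether a LAN-only host firewall accepts the client."""
    lan_only = [LAN]
    results = {m: host_firewall_accepts(source_seen_by_host(client, m), lan_only)
               for m in ("routed", "masquerade", "netmap")}
    # Alternative without NAT: extend the host's allow list to the VPN subnet.
    results["routed+allow_vpn"] = host_firewall_accepts(client, [LAN, VPN])
    return results


if __name__ == "__main__":
    for mode, accepted in evaluate().items():
        print(f"{mode:18} accepted={accepted}")
```

With either NAT mode the host's logs show the translated address instead of the VPN client's address. Allowing 10.111.111.0/24 on the host firewall keeps the real client address visible.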