Sorry if this is covered elsewhere - I've tried just about everything I did find regarding this issue in this forum (and elsewhere).
Client connections (internal and external to the LAN) establish just fine but Tap0 on the Zentyal 8 / OPenVPN server running as a guest on Xenzerver 7.4 does not seem to pass traffic from the VPN's network 192.168.168.0 to the internal LAN network 192.168.0.0. The VPN clients can ping each other and can ping the Zentyal server's eth0 (LAN) address and Tap0 (VPN) address. TCP dump shows pings from my VPN clients hitting the server's Tap0, but nothing from Tap0 to the eth0 (internal LAN). I've set all 4 firewall modules to accept all ports from any IP. I will try to post my Zentyal OPenVPN config file later today with some screen shots of the OpenVPN, network, and Firewall admin screens.
Note that the VPN clients are running on windows 10 and 11 but that they worked just fine with Zentyal 4.1. Also, the fact that their pings hit the Zentyal Tap0 leads me to believe the issue is with the Zentyal setup and not a Win 10/11 Tap0 issue (but I could be wrong). Note I am advertising the LAN network through the VPN. Also, the Zentyal server only has 1 interface (eth0) and is not the default gateway. I know the documentation says there needs to be 2 interfaces - so does this mean it's not possible to use Zentyal 8 as a VPN with only 1 NIC? Just find it puzzling since Zentyal 4.1 worked so well in this setup.
Also, is it possible the clients' traffic is going through the server's Tap0 to Eth0 to the default gateway (which doesn't have a routing entry for the VPN) without showing up in TCP dump?