C
You have two solutions:Convert to your machine to link door of all machines in your network.Add static routes only to machines that need access to the VPN.Common tasks:Choose one option or another, your team will have to do the link door, so you must activate the package forward.In addition, since the teams at the other end of the VPN do not know the direction of your home network, you must mask the packages with the IP that your team has there, so that the packages know the way back.To achieve these two goals you must:Activate the reing of packages on the machine provided by the VPN: sysctl net.ipv4.ip_forward=1.Mask the traffic that is directed to the VPN with the IP of your computer so that the packages can return to their origin: iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE.Each distribution has a specific way to make these permanent changes. For example, by modifying the file /etc/sysctl.conf you can make the activation of the package relay permanent.However, the configuration of the firewall does change dramatically from one distribution to another, especially if you use an additional management layer as https://firewalld.org/ .If you want to turn your equipment into a link doorActivate masking to get on the Internet masking all the outgoing traffic (or specifying the interface that connects you to the router): iptables -t nat -A POSTROUTING -j MASQUERADE.Change the link door of your equipment to make it the PC that connects with the VPN.If you want to add static routes to the teams that need VPNAdd routes to each VPN subnet manually, for example route add -net 10.12.0.0 netmask 255.255.252.0 gw 192.168.1.200.Each distribution has a different way to make the routes persist after a reboot. There is also equivalent with ip route add, but it requires turning the net mask to https://es.wikipedia.org/wiki/Classless_Inter-Domain_Routing .