Hey, hopefully someone kind can help me or point me in a right direction.

Putting together a proof of concept to access a mobile bit of kit when it's out on the road for diagnostic purposes. Have a 3g router, unfortunately due to CGNAT, accessing the router (and anything on it's LAN) via WAN wasn't going to work without a VPN (correct me if I'm wrong?).

Anyway.. this is roughly how the gear is setup.

Primary Router (running OpenVPN server) on 192.168.1.x (yes, I know this isn't ideal!) with DynDNS service to get WAN IP

3G router, connecting to Primary router via VPN Client config - lan is 192.168.0.x - receives 192.168.1.200 from VPN server

other laptops connecting to the Primary router via VPN - 192.168.45.x - receives 192.168.1.201 from VPN server

I am having trouble accessing the 192.168.0.x network as another VPN Client (192.168.45.x).  Accessing the 192.168.0.x network is fine from the 192.168.1.x - so provided you're not connecting via VPN, you can access the VPN clients.  192.168.1.201 can access 192.168.1.200 (brings up the 3g router login pages, same as accessing 192.168.0.1, however accessing 192.168.0.1 does not work)

I have enabled client - client in the OpenVPN settings. so scratching my head, I believe I need to put some static routes inplace - but not sure if this needs to be in the Primary router or the 3g router, or both?  Any help would be appreciated!

I have already done this on the main router:

Destination        Gateway / Next Hop            SubnetMask          Metric         Interface

192.168.0.1             192.168.1.200              255.255.255.0            0          br0 (LAN)