OpenVPN Server to Allow Access to Two Different Networks

I am trying to allow OpenVPN clients to the OpenVPN which has access to two different subnets. The 10.203.1.61 has a public network and is used when clients access OpenVPN while the 172.28 (ens4) is a private IP into that network. I would like them to also have the ability to access the network running on ens4.

ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9000 inet 10.203.1.61 netmask 255.255.192.0 broadcast 10.203.63.255

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9000 inet 172.28.255.61 netmask 255.255.255.0 broadcast 0.0.0.0

I have the following configuration in the server.conf but it doesn't seem to be working. Can someone help me out?

Thanks

local 10.203.1.61
port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.203.0.0 255.255.192.0"
push "route 172.28.255.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.203.1.11"
push "dhcp-option DNS 10.203.1.14"
push "dhcp-option DOMAIN acme.com"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
verb 3
crl-verify crl.pem
duplicate-cn
explicit-exit-notify
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf

Here is my route on the server

[root@openvpn01 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 ens3
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.203.0.0      0.0.0.0         255.255.192.0   U     0      0        0 ens3
link-local      0.0.0.0         255.255.0.0     U     0      0        0 ens3
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 ens3
172.28.255.0    0.0.0.0         255.255.255.0   U     0      0        0 ens4

Thanks for the reply. I added the ipv4 forward (as well as into the sysctl.conf). iptables shows that I already have the -P FORWARD ACCEPT

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT

I also added the route for the 172.28.255 network so that when 10.8.0.0/24 sends back to the 172.28.255.61 (openvpn secondary vnic) but that also didn't seem to have helped. I have the secondary VNIC set to skip source/destination check (in OCI)

If the routes are pushing correctly to clientes try next:

1. Enable IP Forwarding in your linuxbox with sysctl net.ipv4.ip_forward=1 command more information Doc
2. Allow IP Forwarding via Iptables:
   • Clear Iptables rules iptables -F (in case you have a deny)
   • Allow all forward traffic by default iptables -P FORWARD ACCEPT

Note: Remember the network 172.28.255.0/24 needs a route to access 10.8.0.0/24 via your OpenVPN Server.