Route Specific traffic through Open VPN

I use Open VPN to connect remotely to an intranet in a different city on a different network ( but probably with the same subnet ). The intranet is on 192.168.1.42 on the remote server in the office.

We are in an office where ip address 192.168.1.42 is a local IP address and a remote ip address - but I want to force open VPN to use the remote version of that IP Address but keep regular internet still using the local connection ( i.e. not pushing everything through the VPN ) . Possible?

OpenVPN includes a countermeasure to this very popular problem. It is basically a static one-to-one NAT. It is enabled with the help of the --client-nat option:

       --client-nat args
              This pushable client option sets up a stateless one-to-one NAT
              rule on packet addresses (not ports), and is  useful in cases
              where routes or ifconfig settings pushed to the client would 
              create an IP numbering conflict.

              Examples:

                 client-nat snat 192.168.0.0/255.255.0.0
                 client-nat dnat 10.64.0.0/255.255.0.0

              network/netmask (for example 192.168.0.0/255.255.0.0) defines
              the local view of a resource from the client perspective, while
              alias/netmask (for example 10.64.0.0/255.255.0.0) defines the 
              remote view from the server perspective.

              Use snat (source NAT) for resources owned by the client and 
              dnat (destination NAT) for remote resources.

              Set --verb 6 for debugging info showing the transformation of 
              src/dest addresses in packets.

Add the following to the affected client OpenVPN configuration file:

client-nat dnat 10.64.0.0/255.255.0.0
client-nat snat 10.64.0.0/255.255.0.0

And try to connect to e.g. 10.64.1.42 instead of 192.168.1.42.

Notice while this may help, you'll certainly will need some debugging (use verb 6 in the config file or on the management channel). Also remember that anything like this is error prone, since it makes your network less clear and requires more concentration to understand what's going on and how to fix the problems. And it will in turn create another problems with IPSec or SIP or other complex protocols; this is inevitable.

To fix this without introducing murky configuration options, follow the suggestion of Esa Jokinen up there. I'll speak it in a broader way: since 192.168.0.x and 192.168.1.x happened to be the default on giant variety of home devices, never use those networks for office, and also probably 192.168.88.x should be included into the stop list as well, because it's the default for Mikrotik devices, which are quite popular too.

Renumbering the office network to never use those subnets will result in cleanest overall network design. (And this idea even extends to other networking experience as well, for instance, never use the default VLAN ID 1, and so on.)

The easiest and most confusing solution will be the following workaround. You cant just push "route 192.168.1.0 255.255.255.0", because you'll lose an access to all local resources. But you still can push the routes to individual addresses in the subnet. For instance, if many clients are affected, add the following line into the server's configuration:

push "route 192.168.1.42"

(the mask of 255.255.255.255 is assumed). The only case when this wouldn't work is that if the target client address in home network is 192.168.1.42; in this case nothing will help. Then restart the server. If only few clients are affected, you can skip server restart (which implies disruption), add route 192.168.1.42 to affected clients configurations and force them to reconnect.