Probably a dumb question. Did you export the networks you want access to?

Not a dumb question at all, but yeah, I doubled checked that already.

Test access via IP address, because DNS resolution over the VPN is a whole separate can of worms.

Also note, that Windows Firewall will be a problem by default if you didn't NAT the connections.

I've tried with the IP address - where all should I check for NAT? Is there just the one place in the OpenVPN settings?

Yes! If you don't tick that box, NAT traffic from OpenVPN clients is not NAT translated. This means devices behind the Untangle server will see OpenVPN clients as the Untangle server itself, and generally be happier.

Windows Firewall by default will not even accept ping from a "remote" network. Now, I PREFER it this way, because I hate NAT it causes other problems. Just be aware that you need to define the OpenVPN address pool range as a trusted range to the Windows Firewall or it won't accept anything.

If you're using Active Directory, simply adding it to the sites and services applet does the job. If you've got inTune there's an MDM policy you can set to configure the firewall. If you lack both, you have to do this manually per endpoint.

Or, you have to tick that NAT box, and possibly redeploy your client configuration... I don't remember if that box can be set on the server and on next reconnect it sinks in. It might change the client configuration too.