I've had OpenVPN set up with several web servers in the DMZ that I've had no problem accessing from a VPN client connected machine. I've just added a new web server in the DMZ that I cannot access from the VPN client.

OpenVPN is set up with the default 172.16.0.0/24 pool.
The DMZ is on 192.168.200.0/24.

I have another host also in the DMZ with nmap. Scanning the new web server box from that host in the DMZ shows the expected TCP ports open. However, running nmap on the VPN client connected machine to scan the new web server is showing no open ports.

I originally had IP address exports for individual hosts in the DMZ with the older web servers reachable as expected but with the new web server unreachable.

I have also tried - rather than exporting individual IP addresses in the DMZ - exporting the entire DMZ network. Same result. Old web servers that I had no problem accessing from the VPN client connected machine before are still accessible as expected, but the new web server is still showing no open TCP ports when scanned from the VPN client connected machine.

I presume that the list of exported hosts/networks is independent of VPN clients. In other words, if I have a set of existing VPN clients that I have distributed to users and at some point later, I add new hosts that I want to give users access to via the VPN, all I need to do is add to the list of exported hosts and I don't have to regenerate and redistribute new VPN clients/certs, correct?

Any suggestions on troubleshooting this would be appreciated.

Thanks.