OpenVPN: Wifi Clients -> Router -> VPN Server -> Internal NAT

Hello, I'm getting confused about interfaces, connections and NAT and I really need some guidance.
So far, I have just used OpenVPN for specific needs and do not quite understand network rules so well.

My problem: I have a Lab behind a router (NAT - I also have a server ( configured with OpenVPN. I use OpenWRT to connect to this server and make devices work like they were inside my Lab.
In other words: Lab1 ( <-> Cables <-> Tp-Link (OpenWRT) <-> Clients (able to access devices.

My server successfully opens a connection ( and OpenWRT successfully connects to the server ( If I SSH to my router, I can access, no problem, but the clients of my router are not able.

Can someone give me some help?

Answering this topic, I got it working using the following configuration. Indeed, I have no idea how it works and I still need some clarification.


config interface 'VPN'
	option ifname 'tun0'
	option proto 'unmanaged'


config zone
	option name 'VPN_FW'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'VPN'

config forwarding
	option dest 'VPN_FW'
	option src 'lan'

Is there documentation to understand these lines? Eventually I may need to block connections to the internet while still allowing users to connect to devices inside the network.
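
An added example (not part of the original post and not OpenWrt's own code): a simplified Python model of how the firewall sections above decide whether a new connection may be forwarded between zones and whether it leaves masqueraded. The `lan` and `wan` zones and the lan-to-wan forwarding are constructed assumptions reflecting a typical OpenWrt setup, and `parse_uci`, `forward_verdict` and `without_forwarding` are hypothetical helper names.

```python
import shlex

# 'VPN_FW' zone and lan->VPN_FW forwarding are from the post; the 'lan' and
# 'wan' zones and the lan->wan forwarding are CONSTRUCTED (assumed defaults).
FIREWALL = """
config zone
	option name 'lan'
	option forward 'ACCEPT'
config zone
	option name 'wan'
	option masq '1'
config zone
	option name 'VPN_FW'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'VPN'
config forwarding
	option dest 'VPN_FW'
	option src 'lan'
config forwarding
	option dest 'wan'
	option src 'lan'
"""

def parse_uci(text):
    """Return a list of (section_type, {option: value}) from UCI text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and sections and len(tok) >= 3:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def forward_verdict(sections, src, dest):
    """Simplified model for NEW connections, ignoring 'config rule' sections.
    Returns (allowed, masqueraded_on_exit)."""
    zones = {o["name"]: o for t, o in sections if t == "zone"}
    pairs = {(o.get("src"), o.get("dest")) for t, o in sections if t == "forwarding"}
    # Between zones a 'forwarding' section is required; inside one zone the
    # zone's own 'forward' policy decides.
    allowed = (src, dest) in pairs if src != dest else zones[src].get("forward") == "ACCEPT"
    # masq '1' on the destination zone rewrites the source to the router's address.
    return allowed, allowed and zones[dest].get("masq") == "1"

def without_forwarding(sections, src, dest):
    """Copy of the config with the src->dest forwarding section removed."""
    return [(t, o) for t, o in sections
            if not (t == "forwarding" and o.get("src") == src and o.get("dest") == dest)]
```

In this model, dropping the lan-to-wan forwarding blocks new connections from `lan` clients to the internet while lan-to-VPN_FW stays allowed and masqueraded, so the VPN side only ever sees the router's tunnel address.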