I also tried to use the ccd with different segment, with config below:

server.conf
client-config-dir /etc/openvpn/ccd
route 10.8.2.0 255.255.255.0

/etc/openvpn/ccd/username1:
Code:
ifconfig-push 10.8.2.9 10.8.2.10

but still getting 10.8.0.x internal IP instead of 10.8.2.x.

Also put in IPtables:
iptables -A FORWARD -s 10.8.2.0/24 -j ACCEPT

We recently had to set up an L2TP tunnel for our apple devices, since the last iOS 10 update took PPTP out of the picture. It was a huge PITA too, because I didn't figure out for a while that the secondary tunnel wouldn't let me reuse existing user accounts in our Watchguard.... that was some fun trial and error. And the WG how-tos never specified anything about needing different user accounts. It sucks to do all the steps right and then get login errors... makes ya feel like an amateur.

@dafyre said:

What kind of authentication is the daloradius / freeradius back-end using?

Can you test the authentication to the freeradius server from another server at Location B?

Not sure how to answer that, daloradius is just a web based front end of freeradius to manage users. What I think is for some reason the ovpn server is not communicating with dalo server.

@scottalanmiller its ubuntu which is my issue too. I am so comfortable with centos, and ufw firewall is something new to me. Not even sure if this thing is enabled or disabled! 🙂

Found it.
First run the iptables entry
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xx.xx.xx

Then run sudo apt-get install iptables-persistent, and follow the prompts. When it asks to save the current rules, hit "Yes" at both prompts. Now, on reboots, your iptables rules will be restored.
All done, working fine! 🙂

how do they compare to the Ubiquiti?