Allowing e.g. VPN Network communication in and out via the VPN Gateway port requires adjustment of the port security.
$ openstack port list
+--------------+------------------+-------------------+-----------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------+------------------+-------------------+-----------------------------------------------------+--------+
| 5fc7ed94-... | vpngateway1 port | fa:16:3e:6a:24:b3 | ip_address='192.168.2.14', subnet_id='f776dcf3-...' | ACTIVE |
+--------------+------------------+-------------------+-----------------------------------------------------+--------+
neutron port-update <PORT ID> --allowed_address_pairs list=true type=dict ip_address=<IP Address or IP Subnet/Mask>
neutron port-update 5fc7ed94-754e-427a-a6d2-9b0f67f9eebd --allowed_address_pairs list=true type=dict ip_address=10.0.0.0/24
ssh user@10.0.0.2
ping 192.168.2.14
64 bytes from 192.168.2.14: icmp_seq=348 ttl=64 time=2.19 ms
64 bytes from 192.168.2.14: icmp_seq=349 ttl=64 time=1.83 ms
You allowed your VPN subnet to talk via the host port.