Route on client fails when change server to Windows 7 64bit

[John@DrSchairer.com]

I have had a successful installation of OpenVPN 2.1.4 for months with an XP server. However, when I change the server from an XP machine to a Windows 7 machine the route on the client fails. The route shows up correctly when I do a route print from the command prompt on the client but I cannot ping the server from the client. I can ping through the VPM using the VPM TAP-32 addresses in both directions (10.3.1.1 <-->10.3.1.2) but I cannot ping the server's physical network adapter(192.168.0.2) from the client.



For reference; here are the parameters:
All machines are running openvpn 2.1.4 from openvpn-2.1.4-install.exe. The server runs OpenVPN as a service and each client is run from the GUI.
The client computers are all Windows 7 Home. The server is either a windows XP or a Windows 7 Home machine.
Server IP 192.168.0.2

Server config:
Port:1194
dev tap
ifconfig 10.3.1.1 255.255.255.0
secret keeperS1
ping 10
mute 10

Client config:
remote <<IP address of server location>>
float
dev tap
ifconfig 10.3.1.2 255.255.255.0
secret keeperS1
ping 10
verb 3
mute 10
route 192.168.0.0 255.255.255.0 10.3.1.1



////////////////////////////////////////////////////////////////////////////////
Client connected to Windows XP Server

Client Log

Thu Apr 21 22:40:20 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Apr 21 22:40:20 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 21 22:40:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 21 22:40:20 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 22:40:20 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 22:40:20 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 22:40:20 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 22:40:20 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 21 22:40:20 2011 ROUTE default_gateway=192.168.3.1
Thu Apr 21 22:40:20 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}.tap
Thu Apr 21 22:40:20 2011 TAP-Win32 Driver Version 9.7
Thu Apr 21 22:40:20 2011 TAP-Win32 MTU=1500
Thu Apr 21 22:40:20 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.2/255.255.255.0 on interface {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Thu Apr 21 22:40:20 2011 Successful ARP Flush on interface [20] {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}
Thu Apr 21 22:40:20 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Thu Apr 21 22:40:20 2011 Local Options hash (VER=V4): '2935d919'
Thu Apr 21 22:40:20 2011 Expected Remote Options hash (VER=V4): '2935d919'
Thu Apr 21 22:40:20 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 21 22:40:20 2011 UDPv4 link remote: 108.13.171.174:1194
Thu Apr 21 22:40:26 2011 Peer Connection Initiated with 108.13.171.174:1194
Thu Apr 21 22:40:32 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Thu Apr 21 22:40:32 2011 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.3.1.1
Thu Apr 21 22:40:32 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Apr 21 22:40:32 2011 Route addition via IPAPI succeeded [adaptive]
Thu Apr 21 22:40:32 2011 Initialization Sequence Completed


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.3.1 192.168.3.118 25
10.3.1.0 255.255.255.0 On-link 10.3.1.2 286
10.3.1.2 255.255.255.255 On-link 10.3.1.2 286
10.3.1.255 255.255.255.255 On-link 10.3.1.2 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 10.3.1.1 10.3.1.2 30
192.168.3.0 255.255.255.0 On-link 192.168.3.118 281
192.168.3.118 255.255.255.255 On-link 192.168.3.118 281
192.168.3.255 255.255.255.255 On-link 192.168.3.118 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.3.1.2 286
224.0.0.0 240.0.0.0 On-link 192.168.3.118 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.3.1.2 286
255.255.255.255 255.255.255.255 On-link 192.168.3.118 281
===========================================================================


Ping Results:
Pinging 192.168.0.2 with 32 bytes of data:
Reply from 192.168.0.2: bytes=32 time=116ms TTL=128

Pinging 10.3.1.1 with 32 bytes of data:
Reply from 10.3.1.1: bytes=32 time=120ms TTL=128

Pinging 10.3.1.2 with 32 bytes of data:
Reply from 10.3.1.2: bytes=32 time<1ms TTL=128

Server Log
Thu Apr 21 18:00:30 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Apr 21 18:00:30 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 21 18:00:30 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 21 18:00:30 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 18:00:30 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 18:00:30 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 18:00:30 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 18:00:30 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 21 18:00:30 2011 CreateFile failed on TAP device: \\.\Global\{92CE473D-0258-4CC9-92D5-EDC8693C55F8}.tap
Thu Apr 21 18:00:30 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{3273AADF-C07A-49A5-9846-6754416D0C35}.tap
Thu Apr 21 18:00:30 2011 TAP-Win32 Driver Version 9.7
Thu Apr 21 18:00:30 2011 TAP-Win32 MTU=1500
Thu Apr 21 18:00:30 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.1/255.255.255.0 on interface {3273AADF-C07A-49A5-9846-6754416D0C35} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Thu Apr 21 18:00:30 2011 Successful ARP Flush on interface [4] {3273AADF-C07A-49A5-9846-6754416D0C35}
Thu Apr 21 18:00:30 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Thu Apr 21 18:00:30 2011 Local Options hash (VER=V4): '2935d919'
Thu Apr 21 18:00:30 2011 Expected Remote Options hash (VER=V4): '2935d919'
Thu Apr 21 18:00:30 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 21 18:00:30 2011 UDPv4 link remote: [undef]
Thu Apr 21 21:18:37 2011 Peer Connection Initiated with 66.121.43.10:1194
Thu Apr 21 21:18:43 2011 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Thu Apr 21 21:18:43 2011 Initialization Sequence Completed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Apr 21 21:47:58 2011 NOTE: --mute triggered...

Server Statistics Log

OpenVPN STATISTICS
Updated,Thu Apr 21 22:50:52 2011
TUN/TAP read bytes,375167
TUN/TAP write bytes,385062
TCP/UDP read bytes,566688
TCP/UDP write bytes,626588
Auth read bytes,405561
TAP-WIN32 driver status,"State=AT?c Err=[c:\src\21\tap_build\7600\tap-win32\tapdrvr.c/2332] #O=4 Tx=[8848,0] Rx=[2846,0] IrpQ=[1,1,16] PktQ=[0,5,64] InjQ=[0,1,16]"
END


//////////////////////////////////////////////////////////////////////////////////////////////////////////
Client connected to Windows 7 server

Client Log
Thu Apr 21 22:00:16 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Apr 21 22:00:16 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 21 22:00:16 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 21 22:00:16 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 22:00:16 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 22:00:16 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 22:00:16 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 22:00:16 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 21 22:00:16 2011 ROUTE default_gateway=192.168.3.1
Thu Apr 21 22:00:16 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}.tap
Thu Apr 21 22:00:16 2011 TAP-Win32 Driver Version 9.7
Thu Apr 21 22:00:16 2011 TAP-Win32 MTU=1500
Thu Apr 21 22:00:16 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.2/255.255.255.0 on interface {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Thu Apr 21 22:00:16 2011 Successful ARP Flush on interface [20] {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}
Thu Apr 21 22:00:16 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Thu Apr 21 22:00:16 2011 Local Options hash (VER=V4): '2935d919'
Thu Apr 21 22:00:16 2011 Expected Remote Options hash (VER=V4): '2935d919'
Thu Apr 21 22:00:16 2011 UDPv4 link local (bound): [undef]:1184
Thu Apr 21 22:00:16 2011 UDPv4 link remote: 108.13.171.174:1184
Thu Apr 21 22:00:19 2011 Peer Connection Initiated with 108.13.171.174:57719
Thu Apr 21 22:00:25 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Thu Apr 21 22:00:25 2011 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.3.1.1
Thu Apr 21 22:00:25 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Apr 21 22:00:25 2011 Route addition via IPAPI succeeded [adaptive]
Thu Apr 21 22:00:25 2011 Initialization Sequence Completed


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.3.1 192.168.3.118 25
10.3.1.0 255.255.255.0 On-link 10.3.1.2 286
10.3.1.2 255.255.255.255 On-link 10.3.1.2 286
10.3.1.255 255.255.255.255 On-link 10.3.1.2 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 10.3.1.1 10.3.1.2 30
192.168.3.0 255.255.255.0 On-link 192.168.3.118 281
192.168.3.118 255.255.255.255 On-link 192.168.3.118 281
192.168.3.255 255.255.255.255 On-link 192.168.3.118 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.3.1.2 286
224.0.0.0 240.0.0.0 On-link 192.168.3.118 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.3.1.2 286
255.255.255.255 255.255.255.255 On-link 192.168.3.118 281
===========================================================================

Ping Results:
Pinging 10.3.1.1 with 32 bytes of data:
Reply from 10.3.1.1: bytes=32 time=160ms TTL=128

Pinging 10.3.1.2 with 32 bytes of data:
Reply from 10.3.1.2: bytes=32 time<1ms TTL=128

Pinging 192.168.0.2 with 32 bytes of data:
Request timed out.


Server Log
Thu Apr 21 17:56:05 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Apr 21 17:56:05 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 21 17:56:05 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 21 17:56:05 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 17:56:05 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 17:56:05 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 21 17:56:05 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 21 17:56:05 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 21 17:56:05 2011 CreateFile failed on TAP device: \\.\Global\{68F93592-70C3-4C52-B76D-09BBC0A998A1}.tap
Thu Apr 21 17:56:05 2011 TAP-WIN32 device [VPN 1] opened: \\.\Global\{23E2E51E-D2E5-44EF-AD40-368683B8D00C}.tap
Thu Apr 21 17:56:05 2011 TAP-Win32 Driver Version 9.7
Thu Apr 21 17:56:05 2011 TAP-Win32 MTU=1500
Thu Apr 21 17:56:05 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.1/255.255.255.0 on interface {23E2E51E-D2E5-44EF-AD40-368683B8D00C} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Thu Apr 21 17:56:05 2011 Successful ARP Flush on interface [31] {23E2E51E-D2E5-44EF-AD40-368683B8D00C}
Thu Apr 21 17:56:05 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Thu Apr 21 17:56:05 2011 Local Options hash (VER=V4): '2935d919'
Thu Apr 21 17:56:05 2011 Expected Remote Options hash (VER=V4): '2935d919'
Thu Apr 21 17:56:05 2011 UDPv4 link local (bound): [undef]:1184
Thu Apr 21 17:56:05 2011 UDPv4 link remote: [undef]
Thu Apr 21 21:21:34 2011 Peer Connection Initiated with 66.121.43.10:1184
Thu Apr 21 21:21:40 2011 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Thu Apr 21 21:21:40 2011 Initialization Sequence Completed

Server Statistics Log
OpenVPN STATISTICS
Updated,Thu Apr 21 22:35:35 2011
TUN/TAP read bytes,495585
TUN/TAP write bytes,269214
TCP/UDP read bytes,339392
TCP/UDP write bytes,236624
Auth read bytes,269549
TAP-WIN32 driver status,"State=AT?c Err=[c:\src\21\tap_build\7600\tap-win32\tapdrvr.c/2332] #O=5 Tx=[8280,0] Rx=[1717,0] IrpQ=[1,1,16] PktQ=[0,15,64] InjQ=[0,1,16]"
END

[janjust]

this can't be right: the XP server log shows

Code: Select all

Thu Apr 21 21:47:58 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed

yet it works, the Win7 server log does not?

an HMAC auth error means that your secret keys don't match - check the secret keys on the 2 servers.

[John@DrSchairer.com]

Many appologies. I pasted the wrong logs in for the server. You're quite right those logs don't correspond to the problem as I have described it. This connection works fine. It's the Win7/ win7 configuration that doesn't route in the client even though the only change is replacing the server.

Here is another set of logs for the XP server/ win7 client.

Server:
Fri Apr 22 18:48:21 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Fri Apr 22 18:48:21 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Apr 22 18:48:21 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 22 18:48:21 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 22 18:48:21 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 22 18:48:21 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 22 18:48:21 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 22 18:48:21 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 22 18:48:21 2011 CreateFile failed on TAP device: \\.\Global\{92CE473D-0258-4CC9-92D5-EDC8693C55F8}.tap
Fri Apr 22 18:48:21 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{3273AADF-C07A-49A5-9846-6754416D0C35}.tap
Fri Apr 22 18:48:21 2011 TAP-Win32 Driver Version 9.7
Fri Apr 22 18:48:21 2011 TAP-Win32 MTU=1500
Fri Apr 22 18:48:21 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.1/255.255.255.0 on interface {3273AADF-C07A-49A5-9846-6754416D0C35} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Fri Apr 22 18:48:21 2011 Successful ARP Flush on interface [4] {3273AADF-C07A-49A5-9846-6754416D0C35}
Fri Apr 22 18:48:21 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Fri Apr 22 18:48:21 2011 Local Options hash (VER=V4): '2935d919'
Fri Apr 22 18:48:21 2011 Expected Remote Options hash (VER=V4): '2935d919'
Fri Apr 22 18:48:21 2011 UDPv4 link local (bound): [undef]:1194
Fri Apr 22 18:48:21 2011 UDPv4 link remote: [undef]
Fri Apr 22 18:49:17 2011 Peer Connection Initiated with 60.12.43.101:1194
Fri Apr 22 18:49:22 2011 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Fri Apr 22 18:49:22 2011 Initialization Sequence Completed

Client:
Fri Apr 22 18:48:55 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Fri Apr 22 18:48:55 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Apr 22 18:48:55 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 22 18:48:55 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 22 18:48:55 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 22 18:48:55 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 22 18:48:55 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 22 18:48:55 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 22 18:48:55 2011 ROUTE default_gateway=192.168.3.1
Fri Apr 22 18:48:55 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}.tap
Fri Apr 22 18:48:55 2011 TAP-Win32 Driver Version 9.7
Fri Apr 22 18:48:55 2011 TAP-Win32 MTU=1500
Fri Apr 22 18:48:55 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.1.2/255.255.255.0 on interface {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66} [DHCP-serv: 10.3.1.0, lease-time: 31536000]
Fri Apr 22 18:48:55 2011 Successful ARP Flush on interface [20] {AAC7F5A1-A15E-45B2-8A4F-9A1308676B66}
Fri Apr 22 18:48:55 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Fri Apr 22 18:48:55 2011 Local Options hash (VER=V4): '2935d919'
Fri Apr 22 18:48:55 2011 Expected Remote Options hash (VER=V4): '2935d919'
Fri Apr 22 18:48:55 2011 UDPv4 link local (bound): [undef]:1194
Fri Apr 22 18:48:55 2011 UDPv4 link remote: 100.13.171.174:1194
Fri Apr 22 18:48:57 2011 Peer Connection Initiated with 100.13.171.174:1194
Fri Apr 22 18:49:03 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Apr 22 18:49:03 2011 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.3.1.1
Fri Apr 22 18:49:03 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Apr 22 18:49:03 2011 Route addition via IPAPI succeeded [adaptive]
Fri Apr 22 18:49:03 2011 Initialization Sequence Completed

[janjust]

so when you're connecting to the win7 server you get the HMAC errors? check the secret key files on both client and server - there seems to be a mismatch.

[John@DrSchairer.com]

Sorry for the confusion. The HMAC errors were solved before I posted the question. I apologize for pasting in the wrong log.

I have a tunnel as evidenced by the ability to ping in both directions through the tunnel.
The problem is that I cannot make a route to connect the tunnel to the rest of the network. The route appears in the router table but I cannot ping from the client to the server computer's IP address. It only happens when I change the server from an XP machine to a Win7 machine. The config files are the same, the version of OpenVPN is the same, the clients are the same. The only change is moving from an XP server where everything works fine to a Win7 server.

In addition manually adding the route to the client does not work either. I've run out of ideas of what to try. Any ideas would be much appreciated.
Thanks.

[janjust]

make sure the tap-win32 adapter on the windows 7 host is not marked as 'public' and that it is not firewalled; both settings can be found in the Network Connections panel.
By default, windows 7 does not allow you to ping an interface that is marked as 'public' , and unfortunately this is the default mode for any new adapter.