WinXP client to Linux (Ubuntu 10.04) cannot see lan

[awby]

Hi there,

We have openvpn 2.1.0 server running on Ubuntu 10.04. We can happily connect Linux, MacOSX and Windows 7 clients to our VPN. However we are having problems with one remote user with a Windows XP client. He can connect, gets a IP and can ping the OpenVPN server but cannot ping any other machines inside the VPN (on the lan). Nor can other machines inside the VPN (on the lan) ping the remotely connected VPN client.

We've checked firewall and removed the router at the remote end. But we're at a loss as to why this client cannot see other computers in our VPN.

server.conf:
port 1194
proto udp
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server-bridge 10.1.10.101 255.255.255.0 10.1.10.200 10.1.10.253
push "route 10.1.10.0 255.255.255.0"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC # AES
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 5

Client config:
client
--float
dev tap
proto udp
remote aaa.bbb.ccc.ddd 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca2.crt
cert skly.crt
key skly.key
tls-auth ta.key 1
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
script-security 3

Client log:
Tue Nov 22 08:42:29 2011 us=984000 Current Parameter Settings:
Tue Nov 22 08:42:29 2011 us=984000 config = 'phInternal.ovpn'
Tue Nov 22 08:42:29 2011 us=984000 mode = 0
Tue Nov 22 08:42:29 2011 us=984000 show_ciphers = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 show_digests = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 show_engines = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 genkey = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 key_pass_file = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 show_tls_ciphers = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 Connection profiles [default]:
Tue Nov 22 08:42:29 2011 us=984000 proto = udp
Tue Nov 22 08:42:29 2011 us=984000 local = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 local_port = 0
Tue Nov 22 08:42:29 2011 us=984000 remote = 'aaa.bbb.ccc.ddd'
Tue Nov 22 08:42:29 2011 us=984000 remote_port = 1194
Tue Nov 22 08:42:29 2011 us=984000 remote_float = ENABLED
Tue Nov 22 08:42:29 2011 us=984000 bind_defined = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 bind_local = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 connect_retry_seconds = 5
Tue Nov 22 08:42:29 2011 us=984000 connect_timeout = 10
Tue Nov 22 08:42:29 2011 us=984000 connect_retry_max = 0
Tue Nov 22 08:42:29 2011 us=984000 socks_proxy_server = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 socks_proxy_port = 0
Tue Nov 22 08:42:29 2011 us=984000 socks_proxy_retry = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 Connection profiles END
Tue Nov 22 08:42:29 2011 us=984000 remote_random = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 ipchange = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 dev = 'tap'
Tue Nov 22 08:42:29 2011 us=984000 dev_type = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 dev_node = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 lladdr = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 topology = 1
Tue Nov 22 08:42:29 2011 us=984000 tun_ipv6 = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 ifconfig_local = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 ifconfig_remote_netmask = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 ifconfig_noexec = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 ifconfig_nowarn = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 shaper = 0
Tue Nov 22 08:42:29 2011 us=984000 tun_mtu = 1500
Tue Nov 22 08:42:29 2011 us=984000 tun_mtu_defined = ENABLED
Tue Nov 22 08:42:29 2011 us=984000 link_mtu = 1500
Tue Nov 22 08:42:29 2011 us=984000 link_mtu_defined = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 tun_mtu_extra = 32
Tue Nov 22 08:42:29 2011 us=984000 tun_mtu_extra_defined = ENABLED
Tue Nov 22 08:42:29 2011 us=984000 fragment = 0
Tue Nov 22 08:42:29 2011 us=984000 mtu_discover_type = -1
Tue Nov 22 08:42:29 2011 us=984000 mtu_test = 0
Tue Nov 22 08:42:29 2011 us=984000 mlock = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 keepalive_ping = 0
Tue Nov 22 08:42:29 2011 us=984000 keepalive_timeout = 0
Tue Nov 22 08:42:29 2011 us=984000 inactivity_timeout = 0
Tue Nov 22 08:42:29 2011 us=984000 ping_send_timeout = 0
Tue Nov 22 08:42:29 2011 us=984000 ping_rec_timeout = 0
Tue Nov 22 08:42:29 2011 us=984000 ping_rec_timeout_action = 0
Tue Nov 22 08:42:29 2011 us=984000 ping_timer_remote = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 remap_sigusr1 = 0
Tue Nov 22 08:42:29 2011 us=984000 explicit_exit_notification = 0
Tue Nov 22 08:42:29 2011 us=984000 persist_tun = ENABLED
Tue Nov 22 08:42:29 2011 us=984000 persist_local_ip = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 persist_remote_ip = DISABLED
Tue Nov 22 08:42:29 2011 us=984000 persist_key = ENABLED
Tue Nov 22 08:42:29 2011 us=984000 mssfix = 1450
Tue Nov 22 08:42:29 2011 us=984000 resolve_retry_seconds = 1000000000
Tue Nov 22 08:42:29 2011 us=984000 username = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 groupname = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 chroot_dir = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 cd_dir = '[UNDEF]'
Tue Nov 22 08:42:29 2011 us=984000 writepid = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=203000 up_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=203000 down_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=203000 down_pre = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 up_restart = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 up_delay = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 daemon = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 inetd = 0
Tue Nov 22 08:42:30 2011 us=203000 log = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 suppress_timestamps = DISABLED
Tue Nov 22 08:42:30 2011 us=203000 nice = 0
Tue Nov 22 08:42:30 2011 us=203000 verbosity = 4
Tue Nov 22 08:42:30 2011 us=203000 mute = 0
Tue Nov 22 08:42:30 2011 us=203000 gremlin = 0
Tue Nov 22 08:42:30 2011 us=203000 status_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=203000 status_file_version = 1
Tue Nov 22 08:42:30 2011 us=203000 status_file_update_freq = 60
Tue Nov 22 08:42:30 2011 us=203000 occ = ENABLED
Tue Nov 22 08:42:30 2011 us=203000 rcvbuf = 0
Tue Nov 22 08:42:30 2011 us=203000 sndbuf = 0
Tue Nov 22 08:42:30 2011 us=218000 sockflags = 0
Tue Nov 22 08:42:30 2011 us=218000 fast_io = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 lzo = 7
Tue Nov 22 08:42:30 2011 us=218000 route_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 route_default_gateway = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 route_default_metric = 0
Tue Nov 22 08:42:30 2011 us=218000 route_noexec = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 route_delay = 5
Tue Nov 22 08:42:30 2011 us=218000 route_delay_window = 30
Tue Nov 22 08:42:30 2011 us=218000 route_delay_defined = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 route_nopull = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 route_gateway_via_dhcp = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 max_routes = 100
Tue Nov 22 08:42:30 2011 us=218000 allow_pull_fqdn = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 management_addr = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 management_port = 0
Tue Nov 22 08:42:30 2011 us=218000 management_user_pass = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 management_log_history_cache = 250
Tue Nov 22 08:42:30 2011 us=218000 management_echo_buffer_size = 100
Tue Nov 22 08:42:30 2011 us=218000 management_write_peer_info_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 management_client_user = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 management_client_group = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 management_flags = 0
Tue Nov 22 08:42:30 2011 us=218000 shared_secret_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 key_direction = 2
Tue Nov 22 08:42:30 2011 us=218000 ciphername_defined = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 ciphername = 'AES-128-CBC'
Tue Nov 22 08:42:30 2011 us=218000 authname_defined = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 authname = 'SHA1'
Tue Nov 22 08:42:30 2011 us=218000 prng_hash = 'SHA1'
Tue Nov 22 08:42:30 2011 us=218000 prng_nonce_secret_len = 16
Tue Nov 22 08:42:30 2011 us=218000 keysize = 0
Tue Nov 22 08:42:30 2011 us=218000 engine = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 replay = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 mute_replay_warnings = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 replay_window = 64
Tue Nov 22 08:42:30 2011 us=218000 replay_time = 15
Tue Nov 22 08:42:30 2011 us=218000 packet_id_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 use_iv = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 test_crypto = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 tls_server = DISABLED
Tue Nov 22 08:42:30 2011 us=218000 tls_client = ENABLED
Tue Nov 22 08:42:30 2011 us=218000 key_method = 2
Tue Nov 22 08:42:30 2011 us=218000 ca_file = 'ca2.crt'
Tue Nov 22 08:42:30 2011 us=218000 ca_path = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 dh_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=218000 cert_file = 'mycert.crt'
Tue Nov 22 08:42:30 2011 us=218000 priv_key_file = 'mycert.key'
Tue Nov 22 08:42:30 2011 us=218000 pkcs12_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 cryptoapi_cert = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 cipher_list = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 tls_verify = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 tls_export_cert = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 tls_remote = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 crl_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 ns_cert_type = 64
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_ku[i] = 0
Tue Nov 22 08:42:30 2011 us=234000 remote_cert_eku = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 tls_timeout = 2
Tue Nov 22 08:42:30 2011 us=234000 renegotiate_bytes = 0
Tue Nov 22 08:42:30 2011 us=234000 renegotiate_packets = 0
Tue Nov 22 08:42:30 2011 us=234000 renegotiate_seconds = 3600
Tue Nov 22 08:42:30 2011 us=234000 handshake_window = 60
Tue Nov 22 08:42:30 2011 us=234000 transition_window = 3600
Tue Nov 22 08:42:30 2011 us=234000 single_session = DISABLED
Tue Nov 22 08:42:30 2011 us=234000 push_peer_info = DISABLED
Tue Nov 22 08:42:30 2011 us=234000 tls_exit = DISABLED
Tue Nov 22 08:42:30 2011 us=234000 tls_auth_file = 'ta.key'
Tue Nov 22 08:42:30 2011 us=234000 server_network = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 server_netmask = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 server_bridge_ip = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 server_bridge_netmask = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 server_bridge_pool_start = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 server_bridge_pool_end = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_defined = DISABLED
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_start = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_end = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_netmask = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=234000 ifconfig_pool_persist_refresh_freq = 600
Tue Nov 22 08:42:30 2011 us=234000 n_bcast_buf = 256
Tue Nov 22 08:42:30 2011 us=234000 tcp_queue_limit = 64
Tue Nov 22 08:42:30 2011 us=250000 real_hash_size = 256
Tue Nov 22 08:42:30 2011 us=250000 virtual_hash_size = 256
Tue Nov 22 08:42:30 2011 us=250000 client_connect_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 learn_address_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 client_disconnect_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 client_config_dir = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 ccd_exclusive = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 tmp_dir = 'G:\DOCUME~1\home\LOCALS~1\Temp\'
Tue Nov 22 08:42:30 2011 us=250000 push_ifconfig_defined = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 push_ifconfig_local = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=250000 push_ifconfig_remote_netmask = 0.0.0.0
Tue Nov 22 08:42:30 2011 us=250000 enable_c2c = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 duplicate_cn = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 cf_max = 0
Tue Nov 22 08:42:30 2011 us=250000 cf_per = 0
Tue Nov 22 08:42:30 2011 us=250000 max_clients = 1024
Tue Nov 22 08:42:30 2011 us=250000 max_routes_per_client = 256
Tue Nov 22 08:42:30 2011 us=250000 auth_user_pass_verify_script = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 auth_user_pass_verify_script_via_file = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 ssl_flags = 0
Tue Nov 22 08:42:30 2011 us=250000 client = ENABLED
Tue Nov 22 08:42:30 2011 us=250000 pull = ENABLED
Tue Nov 22 08:42:30 2011 us=250000 auth_user_pass_file = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=250000 show_net_up = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 route_method = 0
Tue Nov 22 08:42:30 2011 us=250000 ip_win32_defined = DISABLED
Tue Nov 22 08:42:30 2011 us=250000 ip_win32_type = 3
Tue Nov 22 08:42:30 2011 us=250000 dhcp_masq_offset = 0
Tue Nov 22 08:42:30 2011 us=250000 dhcp_lease_time = 31536000
Tue Nov 22 08:42:30 2011 us=250000 tap_sleep = 0
Tue Nov 22 08:42:30 2011 us=250000 dhcp_options = DISABLED
Tue Nov 22 08:42:30 2011 us=281000 dhcp_renew = DISABLED
Tue Nov 22 08:42:30 2011 us=281000 dhcp_pre_release = DISABLED
Tue Nov 22 08:42:30 2011 us=281000 dhcp_release = DISABLED
Tue Nov 22 08:42:30 2011 us=281000 domain = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=281000 netbios_scope = '[UNDEF]'
Tue Nov 22 08:42:30 2011 us=281000 netbios_node_type = 0
Tue Nov 22 08:42:30 2011 us=281000 disable_nbt = DISABLED
Tue Nov 22 08:42:30 2011 us=281000 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Tue Nov 22 08:42:30 2011 us=281000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 22 08:42:30 2011 us=375000 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Nov 22 08:42:30 2011 us=375000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 08:42:30 2011 us=375000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 08:42:30 2011 us=375000 LZO compression initialized
Tue Nov 22 08:42:30 2011 us=375000 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 22 08:42:30 2011 us=375000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Nov 22 08:42:30 2011 us=375000 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 22 08:42:30 2011 us=375000 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 22 08:42:30 2011 us=375000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 22 08:42:30 2011 us=375000 Local Options hash (VER=V4): 'a7133b47'
Tue Nov 22 08:42:30 2011 us=375000 Expected Remote Options hash (VER=V4): 'c5677ab3'
Tue Nov 22 08:42:30 2011 us=375000 UDPv4 link local: [undef]
Tue Nov 22 08:42:30 2011 us=375000 UDPv4 link remote: aaa.bbb.ccc.ddd:1194
Tue Nov 22 08:42:30 2011 us=609000 TLS: Initial packet from aaa.bbb.ccc.ddd:1194, sid=af1e561e baee7018
Tue Nov 22 08:42:31 2011 us=734000 VERIFY OK: depth=1, /C=US/ST=WA/L=Seattle/O=PureHome/CN=PureHome_CA/emailAddress=
Tue Nov 22 08:42:31 2011 us=734000 VERIFY OK: nsCertType=SERVER
Tue Nov 22 08:42:31 2011 us=734000 VERIFY OK: depth=0, /C=US/ST=WA/L=Seattle/O=PureHome/CN=server/emailAddress=
Tue Nov 22 08:42:33 2011 us=968000 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 22 08:42:33 2011 us=968000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 08:42:33 2011 us=968000 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 22 08:42:33 2011 us=968000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 08:42:33 2011 us=968000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 22 08:42:33 2011 us=968000 [server] Peer Connection Initiated with aaa.bbb.ccc.ddd:1194
Tue Nov 22 08:42:36 2011 us=312000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Nov 22 08:42:36 2011 us=531000 PUSH: Received control message: 'PUSH_REPLY,route 10.1.10.0 255.255.255.0,route-gateway 10.1.10.101,ping 10,ping-restart 120,ifconfig 10.1.10.205 255.255.255.0'
Tue Nov 22 08:42:36 2011 us=531000 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 22 08:42:36 2011 us=531000 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 22 08:42:36 2011 us=531000 OPTIONS IMPORT: route options modified
Tue Nov 22 08:42:36 2011 us=531000 OPTIONS IMPORT: route-related options modified
Tue Nov 22 08:42:36 2011 us=546000 ROUTE default_gateway=192.168.1.1
Tue Nov 22 08:42:36 2011 us=562000 TAP-WIN32 device [Ïîäêëþ÷åíèå ïî ëîêàëüíîé ñåòè 2] opened: \\.\Global\{4BCB3874-A276-4174-8BCE-DA88063B0A35}.tap
Tue Nov 22 08:42:36 2011 us=562000 TAP-Win32 Driver Version 9.8
Tue Nov 22 08:42:36 2011 us=562000 TAP-Win32 MTU=1500
Tue Nov 22 08:42:36 2011 us=562000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.1.10.205/255.255.255.0 on interface {4BCB3874-A276-4174-8BCE-DA88063B0A35} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Tue Nov 22 08:42:36 2011 us=562000 Successful ARP Flush on interface [3] {4BCB3874-A276-4174-8BCE-DA88063B0A35}
Tue Nov 22 08:42:41 2011 us=546000 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Nov 22 08:42:41 2011 us=546000 C:\WINDOWS\system32\route.exe ADD 10.1.10.0 MASK 255.255.255.0 10.1.10.101
Tue Nov 22 08:42:41 2011 us=546000 Route addition via IPAPI succeeded [adaptive]
Tue Nov 22 08:42:41 2011 us=546000 Initialization Sequence Completed

Client machine routing table after connection:

PC - Routing Table
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
10.1.10.0 255.255.255.0 10.1.10.205 10.1.10.205 30
10.1.10.0 255.255.255.0 10.1.10.101 10.1.10.205 1
10.1.10.205 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.1.10.205 10.1.10.205 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 10.1.10.205 10.1.10.205 30
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
255.255.255.255 255.255.255.255 10.1.10.205 10.1.10.205 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1

Router - Routing Table
Destination Gateway Genmask Flags MSS Window irtt Iface
109.87.81.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 109.87.81.254 0.0.0.0 UG 0 0 0 eth0.2

Any help or tips would be much appreciated!

Many Thanks,
AWBY

[Mimiko]

Disable firewall on the tap adapter on client. From client make a "tracert" to some computer on the server's LAN.

[awby]

Hi Mimiko.
Thank you for your post.

I have disabled the Windows XP firewall on the TAP adapter (and on the network adapter). Still the same problem.

tracert just times out with *'s:

C:\Documents and Settings\Administrator>tracert 10.1.10.1

Tracing route to 10.1.10.1 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.

Can you offer any further suggestions?

Many Thanks!
AWBY

[awby]

It seems that manually removing one of the routes with the following (after a connection has been established) solves the problem:

route DELETE 10.1.10.0 mask 255.255.255.0 10.1.10.101

Why would this fix it?

[maikcat]

please remove from your server config

>push "route 10.1.10.0 255.255.255.0"


also ,did you enabled ip forwarding on server?

what ifconfig shows after openvpn is up?

Michael.

ps: why do you want bridging anyway?

[awby]

Removing the push "route 10.1.10.0 255.255.255.0" line from the server configuration fixed it.

Thank you for the help!