Can't ping/access server from connected client

kaempfer0080
OpenVpn Newbie
Posts: 3
Joined: Sat Aug 30, 2014 9:30 pm

Can't ping/access server from connected client

Post by kaempfer0080 » Sat Aug 30, 2014 9:52 pm

Hello all, I'm new to OpenVPN and these forums so I apologize in advance.

I'm currently trying to set up an OpenVPN server on a Buffalo WZR-1750DHPD router. The VPN's purpose is to allow remote users to access the shares on a Linux server in our office. The Linux server has several NICs and is wired to the VPN router with an IP on the VPN's subnet.

As of now I can connect to the server and see my client connected in the status screen, but the client is unable to ping anything on the VPN. I can't ping the router or the linux server. The client is a Windows 7 PC.

Server Config:
Since the server config is set through a GUI, I don't think I can get the usual text file settings; but here's a screenshot of the settings.

Image

Client Config:

Code: Select all

client

dev tun

proto udp

remote 173.162.201.33 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert alex.crt
key alex.key

ns-cert-type server

cipher BF-CBC

comp-lzo

verb 3

And here's the server log:

Code: Select all

Serverlog
20140830 21:31:25 I OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 24 2014
20140830 21:31:25 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14 
20140830 21:31:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20140830 21:31:25 Diffie-Hellman initialized with 1024 bit key 
20140830 21:31:25 Socket Buffers: R=[180224->131072] S=[180224->131072] 
20140830 21:31:25 I TUN/TAP device tun2 opened 
20140830 21:31:25 TUN/TAP TX queue length set to 100 
20140830 21:31:25 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0 
20140830 21:31:25 I /sbin/ifconfig tun2 10.226.67.1 netmask 255.255.255.0 mtu 1500 broadcast 10.226.67.255 
20140830 21:31:27 I UDPv4 link local (bound): [undef] 
20140830 21:31:27 I UDPv4 link remote: [undef] 
20140830 21:31:27 MULTI: multi_init called r=256 v=256 
20140830 21:31:27 IFCONFIG POOL: base=10.226.67.2 size=252 ipv6=0 
20140830 21:31:27 I ifconfig_pool_read() in='alex 10.226.67.2' TODO: IPv6 
20140830 21:31:27 I succeeded -> ifconfig_pool_set() 
20140830 21:31:27 IFCONFIG POOL LIST 
20140830 21:31:27 alex 10.226.67.2 
20140830 21:31:27 I Initialization Sequence Completed 
20140830 21:32:45 <client IP> TLS: Initial packet from [AF_INET]<client IP> sid=3febf220 61c4e324 
20140830 21:32:46 <client IP> VERIFY OK: depth=1 C=US ST=MA L=Amesbury O=Aztec OU=NA CN=AztecVPN name=Aztec VPN Server emailAddress=alexwcase@gmail.com 
20140830 21:32:46 <client IP> VERIFY OK: depth=0 C=US ST=MA L=Amesbury O=Aztec OU=NA CN=alex name=Alex emailAddress=alexwcase@gmail.com 
20140830 21:32:46 <client IP> NOTE: --mute triggered... 
20140830 21:32:46 <client IP> 5 variation(s) on previous 3 message(s) suppressed by --mute 
20140830 21:32:46 I <client IP> [alex] Peer Connection Initiated with [AF_INET]<client IP> 
20140830 21:32:46 I alex/<client IP> MULTI_sva: pool returned IPv4=10.226.67.2 IPv6=(Not enabled) 
20140830 21:32:46 alex/<client IP> MULTI: Learn: 10.226.67.2 -> alex/<client IP> 
20140830 21:32:46 alex/<client IP> MULTI: primary virtual IP for alex/<client IP>: 10.226.67.2 
20140830 21:32:48 alex/<client IP> PUSH: Received control message: 'PUSH_REQUEST' 
20140830 21:32:48 I alex/<client IP> send_push_reply(): safe_cap=940 
20140830 21:32:48 alex/<client IP> SENT CONTROL [alex]: 'PUSH_REPLY route-gateway 10.226.67.1 topology subnet ping 10 ping-restart 120 ifconfig 10.226.67.2 255.255.255.0' (status=1) 
20140830 21:38:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 21:38:33 D MANAGEMENT: CMD 'state' 
20140830 21:38:33 MANAGEMENT: Client disconnected 
20140830 21:38:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 21:38:33 D MANAGEMENT: CMD 'state' 
20140830 21:38:33 MANAGEMENT: Client disconnected 
20140830 21:38:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 21:38:33 D MANAGEMENT: CMD 'state' 
20140830 21:38:33 MANAGEMENT: Client disconnected 
20140830 21:38:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 21:38:33 D MANAGEMENT: CMD 'status 2' 
20140830 21:38:33 MANAGEMENT: Client disconnected 
20140830 21:38:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 21:38:33 D MANAGEMENT: CMD 'log 500' 
20140830 21:38:33 MANAGEMENT: Client disconnected 
20140830 22:32:47 alex/<client IP> VERIFY OK: depth=1 C=US ST=MA L=Amesbury O=Aztec OU=NA CN=AztecVPN name=Aztec VPN Server emailAddress=alexwcase@gmail.com 
20140830 22:32:47 alex/<client IP> VERIFY OK: depth=0 C=US ST=MA L=Amesbury O=Aztec OU=NA CN=alex name=Alex emailAddress=alexwcase@gmail.com 
20140830 22:32:47 alex/<client IP> Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key 
20140830 22:32:47 alex/<client IP> NOTE: --mute triggered... 
20140830 23:46:09 13 variation(s) on previous 3 message(s) suppressed by --mute 
20140830 23:46:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 23:46:09 D MANAGEMENT: CMD 'state' 
20140830 23:46:09 MANAGEMENT: Client disconnected 
20140830 23:46:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 23:46:09 D MANAGEMENT: CMD 'state' 
20140830 23:46:09 MANAGEMENT: Client disconnected 
20140830 23:46:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 23:46:09 D MANAGEMENT: CMD 'state' 
20140830 23:46:09 MANAGEMENT: Client disconnected 
20140830 23:46:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 23:46:10 D MANAGEMENT: CMD 'status 2' 
20140830 23:46:10 MANAGEMENT: Client disconnected 
20140830 23:46:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20140830 23:46:10 D MANAGEMENT: CMD 'log 500' 
19700101 00:00:00
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha1
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server 10.226.67.0 255.255.255.0
dev tun2
tun-ipv6
Clientlog

I am not using a TLS static key. I originally had a problem with the client and server settings from differences in 'auth' and 'tun mtu'. I fixed those by changing the server's MTU to 1500 and the client's auth to BF-CBC.

If I ipconfig on the client machine, I can see that I have an IP of 10.226.67.2, but no default gateway. I can't ping the Linux server on 10.226.67.25 and I can't ping the router at 10.226.67.1.

Any help would be greatly appreciated!


Re: Can't ping/access server from connected client

Post by kaempfer0080 » Sun Aug 31, 2014 3:50 pm

The 10.226.67.0/24 network is only for the VPN router and one of the Linux server NICs. Does it matter that the VPN LAN from the router is the same as its own LAN? Just to check this I changed my VPN network to 10.22.66.0/24 and I have the same problem. I can't ping 10.22.66.1, 10.226.67.1, or 10.226.67.25 (the Linux server). I also can't access any of them in Windows Explorer.

I've also tried hosting an OpenVPN server at home and had the same result of clients being able to connect but can't access anything. I tried it with the router and with running the server off my Windows 7 machine.

I just tried the simple point to point setup in the INSTALL section with config files similar to this:

Code: Select all

remote [IP address of B]
    dev tap
    ifconfig 10.3.0.1 255.255.255.0
    secret key
    ping 10
    verb 3
    mute 10

Code: Select all

remote [IP address of A]
    dev tap
    ifconfig 10.3.0.2 255.255.255.0
    secret key
    ping 10
    verb 3
    mute 10

I did this connection with my laptop connected to my neighbor's WiFi (with his permission) and my desktop on my home connection. Laptop running Windows 8 and PC running Windows 7. I had the same issue where they can connect to each other and have IPs but can't access or ping each other.

Could it be a firewall issue? Whether it's on the router or the Windows firewall? I don't have any machines running Linux natively (aside from the server at work), only on VMs.


Re: Can't ping/access server from connected client

Post by kaempfer0080 » Sun Aug 31, 2014 4:44 pm

I'm able to use the VPN correctly now. The first problem was as Traffic said, the VPN and LANs were conflicting. The other problem was with Windows and that tun/tap adapter. I had to right-click it, go to Properties, Configure, Media State => set to Always Connected.

After both of those changes I can log on, ping the server and router, connect to the server in Windows Explorer, and bring up the router config in my browser.

However, I'm concerned if this fix is appropriate or not? Is it safe to leave the tap adapter in "always connected" mode?
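
The subnet conflict named in the last post can be checked before deployment. The following is an added example, not part of the original thread or of OpenVPN itself: it reads the `server` directive from a config and reports any LAN network or host that falls inside the tunnel subnet. The function names are hypothetical, and the sample values are taken from the addresses quoted in the thread.

```python
import ipaddress

# Excerpt of the server settings quoted in the thread (sample input).
SERVER_CONF = """\
topology subnet
server 10.226.67.0 255.255.255.0
dev tun2
"""


def parse_server_subnet(config_text):
    """Return the tunnel network from a 'server <network> <netmask>' line."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        fields = line.split()
        if fields[0] == "server" and len(fields) >= 3:
            return ipaddress.ip_network(f"{fields[1]}/{fields[2]}")
    raise ValueError("no 'server <network> <netmask>' directive found")


def find_conflicts(config_text, lan_networks, lan_hosts=()):
    """List LAN networks and hosts that collide with the VPN tunnel subnet."""
    vpn = parse_server_subnet(config_text)
    findings = []
    for net in map(ipaddress.ip_network, lan_networks):
        if vpn.overlaps(net):
            findings.append(f"VPN subnet {vpn} overlaps LAN {net}")
    for host in map(ipaddress.ip_address, lan_hosts):
        if host in vpn:
            findings.append(f"LAN host {host} sits inside VPN subnet {vpn}")
    return findings


if __name__ == "__main__":
    # Original layout: router LAN and tunnel both on 10.226.67.0/24.
    for finding in find_conflicts(SERVER_CONF, ["10.226.67.0/24"], ["10.226.67.25"]):
        print("CONFLICT:", finding)
    # Tunnel moved to the second subnet tried in the thread.
    moved = SERVER_CONF.replace("10.226.67.0", "10.22.66.0")
    print("after renumbering:", find_conflicts(moved, ["10.226.67.0/24"], ["10.226.67.25"]))
```

When the tunnel and a directly attached LAN share a prefix, hosts on both sides treat the other side's addresses as on-link, so traffic never reaches the VPN gateway.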
