VPN won't route across bridge

[cxe@cxeonline.com]

Hello,
I'm fairly new to OpenVPN but have some networking experience in general
Yesterday and today I have setup OpenVPN on a few different client's Windows servers following the guide here https://community.openvpn.net/openvpn/w ... dows_Guide. I haven't really been able to get it to even ping the server it is installed on without setting it to bridge mode and bridging the TAP adapter and the Ethernet adapter of the server, but doing that seems to let me be able to ping the server.
Yesterday afternoon I was even able to ping other devices on the network over the VPN and setup one of the employees to print into the office printer from home. Today nothing will ping except the server the OpenVPN software is actually running on. This includes both the original server and one more that I bridged the Ethernet adapter in.
I've gone through the config file and tried a few different settings, then reset it and just done what seem to be normal settings and nothing lets me connect to anything except the server.
I've run out of ideas, hoping someone here has run into a similar problem or has some idea where else I can look to trace the problem. Thanks for taking the time to look at this.

server config:

View Originalserver config

local 192.168.1.2

port 1194

# TCP or UDP server?
;proto tcp
proto udp

dev tap
;dev tun

ca ca.crt
cert server.crt
key server.key # This file should be kept secret

dh dh2048.pem

topology subnet


;server 192.168.200.0 255.255.255.0

;ifconfig-pool-persist ipp.txt

server-bridge 192.168.200.4 255.255.255.0 192.168.200.50 192.168.200.100

;server-bridge

push "route 192.168.1.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

duplicate-cn

keepalive 10 120

tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

persist-key
persist-tun

status openvpn-status.log

;log openvpn.log
;log-append openvpn.log

verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

View Originalclient config

client

dev tap
;dev tun

;proto tcp
proto udp

remote remote.myclient.com 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt

cert Office-VPN.crt

key VOffice-VPN.key

remote-cert-tls server

tls-auth ta.key 1

cipher AES-256-CBC

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

[TinCanTech]

Do not use a bridge

[cxe@cxeonline.com]

Ok... I'm fine with this in general, but so far I haven't gotten it to do anything at all without the bridge. Here's config files from a 3rd server that I've tried to setup without the bridging if someone could please take a look and see if I'm missing something.

View Originalnon-bridged server config

# Which local IP address should OpenVPN
# listen on? (optional)
local 10.0.0.2

port 1194

# TCP or UDP server?
;proto tcp
proto udp

#
dev tap
;dev tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"

key "C:\\Program Files\\OpenVPN\\config\\server.key"

dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.9.0.0 255.255.255.0

;ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.9.0.4 255.255.255.0 10.9.0.50 10.9.0.100

push "route 10.0.0.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"


push "dhcp-option DNS 10.0.0.2"
;push "dhcp-option DNS 208.67.220.220"

duplicate-cn

keepalive 10 120

tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

log openvpn.log


# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

and of course

View Originalnon-bridging client config

client

dev tap
;dev tun

;dev-node MyTap

;proto tcp
proto udp

remote myclient.no-ip.org 1194

;remote-random

resolv-retry infinite

nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

ca ca.crt

cert my-VPN.crt

key my-VPN.key


remote-cert-tls server

tls-auth ta.key 1

cipher AES-256-CBC

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

Again, thanks for taking a look

[cxe@cxeonline.com]

Anybody have an idea what might need to be done to get this working?

[TinCanTech]

Yesterday afternoon I was even able to ping other devices on the network over the VPN and setup one of the employees to print into the office printer from home. Today nothing will ping except the server the OpenVPN software is actually running on

This is an unsupportable position to be in.

Simply follow the Howto and setup a standard VPN server.

If you want something more complicated you will need to expand your knowledge of networking.

You can contact me privately for assistance: tincanteksup <at> gmail (Fees apply)