Problems with RoadWarrior Setup on Windows Server 2008

reuben
OpenVpn Newbie
Posts: 2
Joined: Mon Dec 13, 2010 4:23 am

Problems with RoadWarrior Setup on Windows Server 2008

Post by reuben » Mon Dec 13, 2010 4:33 am

I followed this guide to set up an OpenVPN RoadWarrior in bridged mode.

However, although a connection is established without any problems, I can't seem to access anything within the network. None of the servers can be pinged. I have disabled Windows Firewall to test.

Please note I'm quite the noob.

I am trying to configure remote access to our company's network so that users can access their network drives/Exchange remotely while on the move.

I am running Windows Server 2008 and Exchange Server 2007. This server is sitting on 192.168.100.100 with mask of 255.255.255.0.
I have enabled RRAS. I have also edited the registry to set the IPEnableRouter registry key to 1.

DHCP assignment is being done via a simple DLink router on 192.168.100.254. I have set it to only assign within 192.168.100.2-192.168.100.99 so there is no conflict. Port forwarding has been set up to 1194 udp to 192.168.100.100.

Server Config:
local 192.168.100.100
port 1194
proto udp

dev tap

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

server-bridge 192.168.100.100 255.255.255.0 192.168.100.240 192.168.100.250

keepalive 10 120
comp-lzo
status openvpn-status.log
verb 3

Client Config:
remote reddi.dnsalias.org 1194 ; EDIT THIS LINE

client
proto udp
dev tap

ca ca.crt
cert reuben.crt
key reuben.key

resolv-retry infinite
nobind
persist-key
persist-tun

comp-lzo
verb 3

OpenVPN Log:
Mon Dec 13 14:07:20 2010 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Mon Dec 13 14:07:20 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 13 14:07:20 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 13 14:07:20 2010 LZO compression initialized
Mon Dec 13 14:07:20 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 13 14:07:20 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 13 14:07:20 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 13 14:07:20 2010 Local Options hash (VER=V4): 'd79ca330'
Mon Dec 13 14:07:20 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
Mon Dec 13 14:07:20 2010 UDPv4 link local: [undef]
Mon Dec 13 14:07:20 2010 UDPv4 link remote: 175.141.52.135:1194
Mon Dec 13 14:07:20 2010 TLS: Initial packet from 175.141.52.135:1194, sid=98c26e24 d74e3229
Mon Dec 13 14:07:22 2010 VERIFY OK: depth=1, /C=MY/ST=SARAWAK/L=Kuching/O=Reddi/CN=ReddiVPN/emailAddress=Administrator@reddi.com.my
Mon Dec 13 14:07:22 2010 VERIFY OK: depth=0, /C=MY/ST=SARAWAK/O=Reddi/CN=server/emailAddress=Administrator@reddi.com.my
Mon Dec 13 14:07:32 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 13 14:07:32 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 13 14:07:32 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 13 14:07:32 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 13 14:07:32 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 13 14:07:32 2010 [server] Peer Connection Initiated with 175.141.52.135:1194
Mon Dec 13 14:07:34 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 13 14:07:34 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.100.100,ping 10,ping-restart 120,ifconfig 192.168.100.240 255.255.255.0'
Mon Dec 13 14:07:34 2010 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 13 14:07:34 2010 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 13 14:07:34 2010 OPTIONS IMPORT: route-related options modified
Mon Dec 13 14:07:34 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{F366DFAF-8B13-473C-8166-85959A18BF54}.tap
Mon Dec 13 14:07:34 2010 TAP-Win32 Driver Version 9.7
Mon Dec 13 14:07:34 2010 TAP-Win32 MTU=1500
Mon Dec 13 14:07:34 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.100.240/255.255.255.0 on interface {F366DFAF-8B13-473C-8166-85959A18BF54} [DHCP-serv: 192.168.100.0, lease-time: 31536000]
Mon Dec 13 14:07:34 2010 Successful ARP Flush on interface [31] {F366DFAF-8B13-473C-8166-85959A18BF54}
Mon Dec 13 14:07:39 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Mon Dec 13 14:07:39 2010 Initialization Sequence Completed
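
Added example, not part of the original post or of OpenVPN: a Python check of the client config and log above. It flags the missing server certificate verification that the log's WARNING line reports and confirms that the pushed address matches the `server-bridge` pool; the `VERIFY_DIRECTIVES` list and the `remote-cert-tls server` fix are assumptions drawn from OpenVPN 2.1's options, and the inputs are trimmed copies of the posted text.

```python
import ipaddress
import re

# Client directives that enable a server-certificate check (OpenVPN 2.1 names).
VERIFY_DIRECTIVES = {"remote-cert-tls", "ns-cert-type", "remote-cert-eku",
                     "tls-remote", "tls-verify"}

# Constructed input: trimmed copies of the client config, the server-bridge
# line and the PUSH_REPLY log line quoted in the post above.
CLIENT_CONF = """remote reddi.dnsalias.org 1194 ; EDIT THIS LINE
client
proto udp
dev tap
ca ca.crt
cert reuben.crt
key reuben.key
comp-lzo
"""
SERVER_BRIDGE = "server-bridge 192.168.100.100 255.255.255.0 192.168.100.240 192.168.100.250"
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.100.100,"
             "ping 10,ping-restart 120,ifconfig 192.168.100.240 255.255.255.0'")

def directives(conf):
    """Directive names in a config, skipping ';' and '#' comments."""
    stripped = (re.split(r"[;#]", line, maxsplit=1)[0].split() for line in conf.splitlines())
    return {words[0] for words in stripped if words}

def verifies_server_cert(conf):
    """False reproduces the 'No server certificate verification method' warning."""
    return bool(directives(conf) & VERIFY_DIRECTIVES)

def harden(conf):
    """Append remote-cert-tls server (assumes the server cert has server key usage)."""
    if verifies_server_cert(conf):
        return conf
    return conf.rstrip("\n") + "\nremote-cert-tls server\n"

def pushed_address_ok(server_bridge, push_line):
    """True if the pushed address is inside the pool and on the gateway's subnet."""
    _, gateway, mask, start, end = server_bridge.split()
    addr, pushed_mask = re.search(r"ifconfig ([\d.]+) ([\d.]+)", push_line).groups()
    lan = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    ip = ipaddress.ip_address(addr)
    in_pool = ipaddress.ip_address(start) <= ip <= ipaddress.ip_address(end)
    return in_pool and ip in lan and pushed_mask == mask

if __name__ == "__main__":
    print("server cert verified:", verifies_server_cert(CLIENT_CONF))
    print("after hardening:", verifies_server_cert(harden(CLIENT_CONF)))
    print("pushed address consistent:", pushed_address_ok(SERVER_BRIDGE, PUSH_LINE))
```

A consistent pushed address rules out the pool settings as the cause of the failed pings, which leaves the layer-2 path on the server to check.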

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Problems with RoadWarrior Setup on Windows Server 2008

Post by gladiatr72 » Thu Dec 23, 2010 1:03 pm

Hello,

The only thing you didn't mention was setting up the bridge between your tap-win32 device and your ethernet card. Assuming you've taken care of that, please post the tap-related bits of ipconfig /all and your client routing table (netstat -rn).

Otherwise, your configuration looks correct. If the bridge isn't configured on your Windows box, though, there's no way for your packets to connect to your office network.

Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

jhunax
OpenVpn Newbie
Posts: 1
Joined: Sat Jan 22, 2011 2:49 pm

Re: Problems with RoadWarrior Setup on Windows Server 2008

Post by jhunax » Sat Jan 22, 2011 2:53 pm

...I have been trying to set up bridging also. Is it supported on Windows Server 2008? When I select the two interfaces to bridge, the bridge option is disabled.
