Re: Issues with initial bridge setup

Posted: Thu Sep 15, 2011 1:28 pm
by nanotronicsimaging
Here is the netstat -nr

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.11.1 0.0.0.0 UG 0 0 0 eth0

Re: Issues with initial bridge setup

Posted: Thu Sep 15, 2011 1:55 pm
by nanotronicsimaging
C:\Users\User>ping 192.168.11.5

Pinging 192.168.11.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.11.5:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\User>ping 10.8.0.6

Pinging 10.8.0.6 with 32 bytes of data:
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.8.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\User>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=29ms TTL=249
Reply from 10.8.0.1: bytes=32 time=10ms TTL=249
Reply from 10.8.0.1: bytes=32 time=11ms TTL=249
Reply from 10.8.0.1: bytes=32 time=11ms TTL=249

Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 29ms, Average = 15ms

C:\Users\User>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ********************
Primary Dns Suffix . . . . . . . : ********************
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : *******************
neo.rr.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-AE-4A-E2-6A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5b7:f041(Preferred)
Link-local IPv6 Address . . . . . : fe80::dd2d:738:6ef:b703%15(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2011 9:48:25 AM
Lease Expires . . . . . . . . . . : Friday, September 14, 2012 9:48:25 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.5
DHCPv6 IAID . . . . . . . . . . . : 486604718
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2D-49-AF-00-23-7D-2C-AF-EF
DNS Servers . . . . . . . . . . . : 192.168.11.230
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : neo.rr.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-23-7D-2C-AF-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::693a:fc12:33ea:b247%10(Preferred)
IPv4 Address. . . . . . . . . . . : 96.11.102.37(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2011 9:44:13 AM
Lease Expires . . . . . . . . . . : Thursday, September 15, 2011 10:44:13 AM
Default Gateway . . . . . . . . . : 96.11.102.1
DHCP Server . . . . . . . . . . . : 10.53.64.1
DHCPv6 IAID . . . . . . . . . . . : 234890109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2D-49-AF-00-23-7D-2C-AF-EF
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:246d:3adf:9ff4:99da(Preferred)
Link-local IPv6 Address . . . . . : fe80::246d:3adf:9ff4:99da%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.neo.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : neo.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Re: Issues with initial bridge setup

Posted: Fri Sep 16, 2011 11:28 am
by maikcat
if you want to pass the entire traffic through your vpn tunnel
take a look here:

topic7806.html

also can you please post the output of iptables -L
did you enable ip forwarding on the openvpn server?

ps: there are examples in the doc section on the openvpn site mentioning what you want.

Michael.

Re: Issues with initial bridge setup

Posted: Fri Sep 16, 2011 1:04 pm
by nanotronicsimaging
I did enable the ip forwarding. The biggest issue, even more than connecting to the internet, is getting them into our lan here and having the ability to see all of the different machines in the network by name. I will post the iptables -L as well.

Re: Issues with initial bridge setup

Posted: Fri Sep 16, 2011 1:19 pm
by nanotronicsimaging
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nanotronics@nifs2:~$

Re: Issues with initial bridge setup

Posted: Fri Sep 16, 2011 1:35 pm
by maikcat
can you please post the output of netstat -nr on your client pc?

what version of windows does your client have?

Michael

Re: Issues with initial bridge setup

Posted: Fri Sep 16, 2011 3:08 pm
by nanotronicsimaging
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\User>netstat -nr
===========================================================================
Interface List
15...00 ff ae 4a e2 6a ......TAP-Win32 Adapter V9
10...00 23 7d 2c af ef ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.102.1 96.11.102.37 20
96.11.102.0 255.255.255.0 On-link 96.11.102.37 276
96.11.102.37 255.255.255.255 On-link 96.11.102.37 276
96.11.102.255 255.255.255.255 On-link 96.11.102.37 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 96.11.102.37 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 96.11.102.37 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.8.0.0 255.255.255.0 192.168.11.5 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:3417:35e9:9ff4:99da/128
On-link
13 1025 2002::/16 On-link
13 281 2002:600b:6625::600b:6625/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::3417:35e9:9ff4:99da/128
On-link
10 276 fe80::693a:fc12:33ea:b247/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================

Re: Issues with initial bridge setup

Posted: Mon Sep 19, 2011 9:30 am
by maikcat
it seems that your client is not getting the route for your lan..

please post:

server config (to verify something)
server log (to check if it is indeed pushing the route to your client)
client log (to check if your client receives the routes)

you do run openvpn with admin rights, yeah?

Michael.
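
The check asked for above (does every route the server pushes show up in the client's route table?) can be scripted. This is an added example, not part of the original thread: the PUSH_REPLY and the first route table are abridged from the posts on this page, the second table is a constructed sample of a healthy client, and the function names are hypothetical.

```python
import ipaddress

# PUSH_REPLY as the client logged it in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.11.0 255.255.255.0,"
              "dhcp-option DNS 192.168.11.230,route 10.8.0.0 255.255.255.0,"
              "topology net30,ping 10,ping-restart 120,"
              "ifconfig 10.8.0.6 10.8.0.5")

# Active IPv4 routes, abridged from the client's "netstat -nr" in this thread.
NETSTAT_FROM_THREAD = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 96.11.102.1 96.11.102.37 20
96.11.102.0 255.255.255.0 On-link 96.11.102.37 276
96.11.102.37 255.255.255.255 On-link 96.11.102.37 276
224.0.0.0 240.0.0.0 On-link 96.11.102.37 276
"""

# Constructed sample: the same table once the pushed routes are installed.
NETSTAT_CONSTRUCTED = NETSTAT_FROM_THREAD + """\
10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
192.168.11.0 255.255.255.0 10.8.0.5 10.8.0.6 30
"""


def pushed_options(push_reply):
    """Split a PUSH_REPLY control message into lists of option fields."""
    return [opt.split() for opt in push_reply.split(",")[1:] if opt.strip()]


def pushed_routes(push_reply):
    """Networks the server asked the client to route through the tunnel."""
    return [ipaddress.ip_network(f"{f[1]}/{f[2]}")
            for f in pushed_options(push_reply)
            if f[0] == "route" and len(f) >= 3]


def tunnel_local_ip(push_reply):
    """Client-side tunnel address from 'ifconfig <local> <peer>' (net30)."""
    for f in pushed_options(push_reply):
        if f[0] == "ifconfig" and len(f) == 3:
            return f[1]
    return None


def parse_active_routes(netstat_text):
    """Parse 'destination netmask gateway interface metric' rows.

    Header and separator lines are skipped because they do not parse
    as a five-field row starting with a network and a netmask.
    """
    table = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
        except ValueError:
            continue
        table.append((net, fields[2], fields[3]))
    return table


def audit(push_reply, netstat_text):
    """Map each pushed route to 'missing', 'via tunnel' or 'wrong interface'."""
    local = tunnel_local_ip(push_reply)
    table = parse_active_routes(netstat_text)
    report = {}
    for net in pushed_routes(push_reply):
        matches = [row for row in table if row[0] == net]
        if not matches:
            report[str(net)] = "missing"
        elif any(iface == local for _, _, iface in matches):
            report[str(net)] = "via tunnel"
        else:
            report[str(net)] = "wrong interface"
    return report


if __name__ == "__main__":
    for label, text in (("thread", NETSTAT_FROM_THREAD),
                        ("constructed", NETSTAT_CONSTRUCTED)):
        print(label, audit(PUSH_REPLY, text))
```
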

Re: Issues with initial bridge setup

Posted: Mon Sep 19, 2011 1:20 pm
by nanotronicsimaging
Here is the server config file with everything


local 192.168.11.5
port 1194
;proto tcp
proto udp
dev tun
;dev-node MyTap
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key # This file should be kept secret
dh easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 192.168.11.5 255.255.255.0 192.168.11.100 192.168.11.120
;server-bridge
push "route 192.168.11.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.11.230"
;push "dhcp-option DNS 192.168.11.1"
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
verb 3
;mute 20

Re: Issues with initial bridge setup

Posted: Mon Sep 19, 2011 1:23 pm
by nanotronicsimaging
server log file

efused (code=111)
Sep 9 09:33:58 nifs2 ovpn-server[2247]: last message repeated 3 times
Sep 9 09:33:58 nifs2 dhclient: Discarding packet with bogus hlen.
Sep 9 09:33:59 nifs2 ovpn-server[2247]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sep 9 09:34:03 nifs2 dhclient: Discarding packet with bogus hlen.
Sep 9 09:34:06 nifs2 dhclient: Discarding packet with bogus hlen.
Sep 9 09:34:09 nifs2 ovpn-server[2247]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sep 9 09:35:00 nifs2 ovpn-server[2247]: last message repeated 5 times
Sep 9 09:35:00 nifs2 ovpn-server[2247]: MULTI: multi_create_instance called
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Re-using SSL/TLS context
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 LZO compression initialized
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Local Options hash (VER=V4): '530fdded'
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Expected Remote Options hash (VER=V4): '41690919'
Sep 9 09:35:00 nifs2 ovpn-server[2247]: 174.252.214.97:12969 TLS: Initial packet from [AF_INET]174.252.214.97:12969, sid=88740b0d 173c6931
Sep 9 09:35:02 nifs2 ovpn-server[2247]: 174.252.214.97:12969 VERIFY OK: depth=1, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=Nanotronicsimaging_CA/emailAddress=dbradley@nanotronicsimaging.com
Sep 9 09:35:02 nifs2 ovpn-server[2247]: 174.252.214.97:12969 VERIFY OK: depth=0, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=drb/emailAddress=dbradley@nanotronicsimaging.com
Sep 9 09:35:09 nifs2 ovpn-server[2247]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sep 9 09:35:11 nifs2 ovpn-server[2247]: 174.252.214.97:12969 [drb] Peer Connection Initiated with [AF_INET]174.252.214.97:12969
Sep 9 09:35:11 nifs2 ovpn-server[2247]: MULTI: new connection by client 'drb' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sep 9 09:35:11 nifs2 ovpn-server[2247]: MULTI: Learn: 10.8.0.6 -> drb/174.252.214.97:12969
Sep 9 09:35:11 nifs2 ovpn-server[2247]: MULTI: primary virtual IP for drb/174.252.214.97:12969: 10.8.0.6
Sep 9 09:35:13 nifs2 ovpn-server[2247]: drb/174.252.214.97:12969 PUSH: Received control message: 'PUSH_REQUEST'
Sep 9 09:35:13 nifs2 ovpn-server[2247]: drb/174.252.214.97:12969 SENT CONTROL [drb]: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,dhcp-option DNS 192.168.11.230,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Sep 9 09:35:28 nifs2 dhclient: Discarding packet with bogus hlen.

Re: Issues with initial bridge setup

Posted: Mon Sep 19, 2011 1:34 pm
by nanotronicsimaging
Mon Sep 19 09:38:12 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Mon Sep 19 09:38:12 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 19 09:38:12 2011 LZO compression initialized
Mon Sep 19 09:38:12 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 19 09:38:12 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 19 09:38:12 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 19 09:38:12 2011 Local Options hash (VER=V4): '41690919'
Mon Sep 19 09:38:12 2011 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 19 09:38:12 2011 UDPv4 link local: [undef]
Mon Sep 19 09:38:12 2011 UDPv4 link remote: 96.11.102.194:1194
Mon Sep 19 09:38:12 2011 TLS: Initial packet from 96.11.102.194:1194, sid=97eb5081 e82ed7c7
Mon Sep 19 09:38:12 2011 VERIFY OK: depth=1, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=Nanotronicsimaging_CA/emailAddress=dbradley@nanotronicsimaging.com
Mon Sep 19 09:38:12 2011 VERIFY OK: nsCertType=SERVER
Mon Sep 19 09:38:12 2011 VERIFY OK: depth=0, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=server/emailAddress=dbradley@nanotronicsimaging.com
Mon Sep 19 09:38:13 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 19 09:38:13 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 19 09:38:13 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 19 09:38:13 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 19 09:38:13 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 19 09:38:13 2011 [server] Peer Connection Initiated with 96.11.102.194:1194
Mon Sep 19 09:38:15 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Sep 19 09:38:15 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,dhcp-option DNS 192.168.11.230,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Sep 19 09:38:15 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 19 09:38:15 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 19 09:38:15 2011 OPTIONS IMPORT: route options modified
Mon Sep 19 09:38:15 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 19 09:38:15 2011 ROUTE default_gateway=96.11.102.1
Mon Sep 19 09:38:15 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61}.tap
Mon Sep 19 09:38:15 2011 TAP-Win32 Driver Version 9.8
Mon Sep 19 09:38:15 2011 TAP-Win32 MTU=1500
Mon Sep 19 09:38:15 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Sep 19 09:38:15 2011 NOTE: FlushIpNetTable failed on interface [15] {AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61} (status=5) : Access is denied.

Re: Issues with initial bridge setup

Posted: Tue Sep 20, 2011 10:14 am
by maikcat
your server config is ok

i noticed this:

>NOTE: FlushIpNetTable failed on interface [15] {AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61} (status=5) : Access is denied.


do you run openvpn on your client with admin rights?

Michael.

Re: Issues with initial bridge setup

Posted: Tue Sep 20, 2011 11:59 am
by nanotronicsimaging
Yes I do, I run it as root

Re: Issues with initial bridge setup

Posted: Tue Sep 20, 2011 12:02 pm
by nanotronicsimaging
server is root and clients are admin

Tue Sep 20 08:06:25 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Tue Sep 20 08:06:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Sep 20 08:06:25 2011 LZO compression initialized
Tue Sep 20 08:06:25 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Sep 20 08:06:25 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Sep 20 08:06:25 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Sep 20 08:06:25 2011 Local Options hash (VER=V4): '41690919'
Tue Sep 20 08:06:25 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Sep 20 08:06:25 2011 UDPv4 link local: [undef]
Tue Sep 20 08:06:25 2011 UDPv4 link remote: 96.11.102.194:1194
Tue Sep 20 08:06:25 2011 TLS: Initial packet from 96.11.102.194:1194, sid=4453b5e2 3089bcc6
Tue Sep 20 08:06:25 2011 VERIFY OK: depth=1, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=Nanotronicsimaging_CA/emailAddress=dbradley@nanotronicsimaging.com
Tue Sep 20 08:06:25 2011 VERIFY OK: nsCertType=SERVER
Tue Sep 20 08:06:25 2011 VERIFY OK: depth=0, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=server/emailAddress=dbradley@nanotronicsimaging.com
Tue Sep 20 08:06:25 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 20 08:06:25 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 20 08:06:25 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 20 08:06:25 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 20 08:06:25 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Sep 20 08:06:25 2011 [server] Peer Connection Initiated with 96.11.102.194:1194
Tue Sep 20 08:06:27 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Sep 20 08:06:27 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,dhcp-option DNS 192.168.11.230,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Sep 20 08:06:27 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 20 08:06:27 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 20 08:06:27 2011 OPTIONS IMPORT: route options modified
Tue Sep 20 08:06:27 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 20 08:06:27 2011 ROUTE default_gateway=96.11.102.1
Tue Sep 20 08:06:27 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61}.tap
Tue Sep 20 08:06:27 2011 TAP-Win32 Driver Version 9.8
Tue Sep 20 08:06:27 2011 TAP-Win32 MTU=1500
Tue Sep 20 08:06:27 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Sep 20 08:06:27 2011 Successful ARP Flush on interface [15] {AE4AE26A-FDFC-4D43-8A50-916BEA6E7E61}

Re: Issues with initial bridge setup

Posted: Tue Sep 20, 2011 6:38 pm
by nanotronicsimaging
Tue Sep 20 11:16:25 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Tue Sep 20 11:16:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Sep 20 11:16:25 2011 LZO compression initialized
Tue Sep 20 11:16:25 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Sep 20 11:16:25 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Sep 20 11:16:25 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Sep 20 11:16:25 2011 Local Options hash (VER=V4): 'd79ca330'
Tue Sep 20 11:16:25 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Sep 20 11:16:25 2011 UDPv4 link local: [undef]
Tue Sep 20 11:16:25 2011 UDPv4 link remote: 96.11.102.194:1194
Tue Sep 20 11:16:25 2011 TLS: Initial packet from 96.11.102.194:1194, sid=708e4126 c84fa9f2
Tue Sep 20 11:16:25 2011 VERIFY OK: depth=1, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=Nanotronicsimaging_CA/emailAddress=dbradley@nanotronicsimaging.com
Tue Sep 20 11:16:25 2011 VERIFY OK: nsCertType=SERVER
Tue Sep 20 11:16:25 2011 VERIFY OK: depth=0, /C=US/ST=OH/L=CFalls/O=Nanotronicsimaging/CN=server/emailAddress=dbradley@nanotronicsimaging.com
Tue Sep 20 11:16:25 2011 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Tue Sep 20 11:16:25 2011 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Tue Sep 20 11:16:25 2011 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Tue Sep 20 11:16:25 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 20 11:16:25 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 20 11:16:25 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 20 11:16:25 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 20 11:16:25 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Sep 20 11:16:25 2011 [server] Peer Connection Initiated with 96.11.102.194:1194
Tue Sep 20 11:16:28 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Sep 20 11:16:28 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,dhcp-option DNS 192.168.11.230,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Tue Sep 20 11:16:28 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 20 11:16:28 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 20 11:16:28 2011 OPTIONS IMPORT: route options modified
Tue Sep 20 11:16:28 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 20 11:16:28 2011 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Tue Sep 20 11:16:28 2011 ROUTE default_gateway=96.11.102.1
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.11.0
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.0
Tue Sep 20 11:16:28 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{FF943F9B-54AB-447E-BF5D-27FC2060FCDE}.tap
Tue Sep 20 11:16:28 2011 TAP-Win32 Driver Version 9.8
Tue Sep 20 11:16:28 2011 TAP-Win32 MTU=1500
Tue Sep 20 11:16:28 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.10/10.8.0.9 on interface {FF943F9B-54AB-447E-BF5D-27FC2060FCDE} [DHCP-serv: 10.8.0.8, lease-time: 31536000]
Tue Sep 20 11:16:28 2011 Successful ARP Flush on interface [20] {FF943F9B-54AB-447E-BF5D-27FC2060FCDE}
Tue Sep 20 11:16:33 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:33 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:38 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:38 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:39 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:39 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:40 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:40 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:41 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:41 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:42 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:42 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:43 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:43 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:44 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:44 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:45 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:45 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:46 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:46 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:47 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:47 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:48 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:48 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:49 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:49 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:50 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:50 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:51 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:51 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:52 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:52 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:53 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:53 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:54 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:54 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:55 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:55 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:56 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:56 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:57 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:57 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:58 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:58 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:16:59 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:16:59 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:17:01 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:17:01 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:17:02 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Tue Sep 20 11:17:02 2011 Route: Waiting for TUN/TAP interface to come up...
Tue Sep 20 11:17:03 2011 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 96.11.102.1 p=0 i=15 t=4 pr=3 a=2270 h=0 m=20/0/0/0/0
96.11.102.0 255.255.255.0 96.11.102.56 p=0 i=15 t=3 pr=3 a=2270 h=0 m=276/0/0/0/0
96.11.102.56 255.255.255.255 96.11.102.56 p=0 i=15 t=3 pr=3 a=2270 h=0 m=276/0/0/0/0
96.11.102.255 255.255.255.255 96.11.102.56 p=0 i=15 t=3 pr=3 a=2270 h=0 m=276/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=48449 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=48449 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=48449 h=0 m=306/0/0/0/0
169.254.0.0 255.255.0.0 169.254.238.53 p=0 i=20 t=3 pr=3 a=25 h=0 m=286/0/0/0/0
169.254.238.53 255.255.255.255 169.254.238.53 p=0 i=20 t=3 pr=3 a=25 h=0 m=286/0/0/0/0
169.254.255.255 255.255.255.255 169.254.238.53 p=0 i=20 t=3 pr=3 a=25 h=0 m=286/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=48449 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 96.11.102.56 p=0 i=15 t=3 pr=3 a=48437 h=0 m=276/0/0/0/0
224.0.0.0 240.0.0.0 169.254.238.53 p=0 i=20 t=3 pr=3 a=48436 h=0 m=286/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=48449 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 96.11.102.56 p=0 i=15 t=3 pr=3 a=48437 h=0 m=276/0/0/0/0
255.255.255.255 255.255.255.255 169.254.238.53 p=0 i=20 t=3 pr=3 a=48436 h=0 m=286/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
Index = 20
GUID = {FF943F9B-54AB-447E-BF5D-27FC2060FCDE}
IP = 169.254.238.53/255.255.0.0
MAC = 00:ff:ff:94:3f:9b
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Tue Sep 20 11:17:03 2011
DHCP LEASE EXPIRES = Wed Dec 31 19:00:00 1969
DNS SERV =
Intel(R) 82577LM Gigabit Network Connection
Index = 15
GUID = {EDB8A8A6-68B0-48CC-BCED-F2286BD87851}
IP = 96.11.102.56/255.255.255.0
MAC = f0:de:f1:5b:9a:24
GATEWAY = 96.11.102.1/255.255.255.255
DHCP SERV = 10.53.64.1/255.255.255.255
DHCP LEASE OBTAINED = Tue Sep 20 11:09:13 2011
DHCP LEASE EXPIRES = Wed Dec 31 19:00:00 1969
DNS SERV = 209.18.47.61/255.255.255.255 209.18.47.62/255.255.255.255
Tue Sep 20 11:17:03 2011 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

Re: Issues with initial bridge setup

Posted: Wed Sep 21, 2011 8:19 am
by maikcat
your first client seems ok...

your second:

Tue Sep 20 11:16:25 2011 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Tue Sep 20 11:16:25 2011 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Tue Sep 20 11:16:25 2011 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'

and

Tue Sep 20 11:16:28 2011 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Tue Sep 20 11:16:28 2011 ROUTE default_gateway=96.11.102.1
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.11.0
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Sep 20 11:16:28 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.0

what config are you using..???

your first client can't access the 192.168.11.0 net?

Michael.

Re: Issues with initial bridge setup

Posted: Wed Sep 21, 2011 12:25 pm
by nanotronicsimaging
dev tun is the config, I got that issue resolved with both clients. However, both clients are not able to see the 192.168.11.0 net. They can only ping the host machine that is running openvpn; everything else is unreachable.

Re: Issues with initial bridge setup

Posted: Thu Sep 22, 2011 8:43 am
by maikcat
>everything else is unreachable.

does this include the openvpn server's lan ip?

you still need to configure routing correctly to other nodes on your lan as well..

Michael.

Re: Issues with initial bridge setup

Posted: Thu Sep 22, 2011 12:25 pm
by nanotronicsimaging
The openvpn lan ip is reachable. As for the correct routing to the other nodes on the lan, isn't that what I had set up with the routing option earlier?

Re: Issues with initial bridge setup

Posted: Thu Sep 22, 2011 1:00 pm
by maikcat
if your lan pcs don't have the openvpn server's lan ip as their
default gateway, then you need to add a static route to them

-or-

add a static route for the openvpn subnet to your internet router.

Michael.
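
Why the two fixes above work can be shown by tracing the reply packet from a LAN machine back to a VPN client. This is an added example, not part of the original thread: the subnets, the server's LAN IP and the LAN gateway come from the config and route table posted here, while the LAN host 192.168.11.50 and all function names are hypothetical.

```python
import ipaddress

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")    # server 10.8.0.0 255.255.255.0
LAN = ipaddress.ip_network("192.168.11.0/24")       # push "route 192.168.11.0 ..."
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
OVPN_SERVER = "192.168.11.5"                        # local 192.168.11.5
LAN_ROUTER = "192.168.11.1"                         # default gateway on the LAN
LAN_HOST = "192.168.11.50"                          # hypothetical LAN machine
VPN_CLIENT = "10.8.0.6"                             # address the client was given

# Next hops that end a trace instead of naming another node.
TERMINAL = ("on-link", "tunnel", "internet")


def build(static_route_on=None):
    """Routing tables for the three nodes; optionally apply one of the fixes.

    static_route_on is None (setup as posted), "host" (static route on each
    LAN PC) or "router" (static route on the internet router).
    """
    nodes = {
        LAN_HOST: [(LAN, "on-link"), (DEFAULT, LAN_ROUTER)],
        LAN_ROUTER: [(LAN, "on-link"), (DEFAULT, "internet")],
        OVPN_SERVER: [(VPN_SUBNET, "tunnel"), (LAN, "on-link"),
                      (DEFAULT, LAN_ROUTER)],
    }
    if static_route_on == "host":
        nodes[LAN_HOST].append((VPN_SUBNET, OVPN_SERVER))
    elif static_route_on == "router":
        nodes[LAN_ROUTER].append((VPN_SUBNET, OVPN_SERVER))
    return nodes


def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet hop by hop until it is delivered or leaves the LAN."""
    path, here = [start], start
    for _ in range(max_hops):
        hop = lookup(nodes[here], dst)
        if hop is None:
            return path + ["unreachable"]
        path.append(hop)
        if hop in TERMINAL:
            return path
        here = hop
    return path + ["loop"]


if __name__ == "__main__":
    # As posted: the reply follows the default route out to the ISP and is lost.
    print(trace(build(), LAN_HOST, VPN_CLIENT))
    # Fix 1: static route for the VPN subnet on the LAN PC.
    print(trace(build("host"), LAN_HOST, VPN_CLIENT))
    # Fix 2: static route for the VPN subnet on the internet router.
    print(trace(build("router"), LAN_HOST, VPN_CLIENT))
    # The OpenVPN server itself always knows the way back, so it stays pingable.
    print(trace(build(), OVPN_SERVER, VPN_CLIENT))
```
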