Bridged connection ok between routers, but not from PC

alexander.hagen
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 18, 2015 1:43 pm


Post by alexander.hagen » Wed Nov 18, 2015 2:05 pm

I have a bridge Ethernet connection between my home in Indonesia and my studio room in Singapore. Both sides have DDWRT routers. Indonesia is the OpenVPN server, whereas Singapore runs as OpenVPN client. It uses a TAP connection. This all works fine. No issues.

However, when traveling, I also want to be able to connect from my Windows 8.1 laptop to the VPN. Although the connection is established successfully, none of the devices in the VPN are accessible. Ping also fails. I have tried this from several locations but none works. I also have disabled all Windows firewalls, but so far nothing worked.

Any help is highly appreciated.

Here's the configuration of the OpenVPN server (in Indonesia). This is an ASUS AC68U router with DDWRT.

Code:

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt 
cert /tmp/openvpn/cert.pem 
key /tmp/openvpn/key.pem 
keepalive 10 120 
verb 3 
mute 3 
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14 
management-log-cache 100 
topology subnet
script-security 2 
port 1194 
proto udp 
cipher bf-cbc 
auth md5 
client-connect /tmp/openvpn/clcon.sh 
client-disconnect /tmp/openvpn/cldiscon.sh 
client-config-dir /jffs/etc/openvpn/ccd 
comp-lzo adaptive 
tls-server 
duplicate-cn 
client-to-client
push "redirect-gateway def1"
fast-io 
tun-mtu 1500 
fragment 1500 
mssfix 
server-bridge 10.8.12.1 255.255.255.0 10.8.12.2 10.8.12.49 
dev tap2 
passtos 
push "route 192.168.12.0 255.255.255.0"

Here's the configuration of the OpenVPN client on the laptop (Windows 8.1):

Code:

client
auth md5
dev tap
proto udp
remote ivpn.********.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher bf-cbc
comp-lzo adaptive
verb 3
<ca>
-----BEGIN CERTIFICATE-----
<<removed>>
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
<<removed>>
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
<<removed>>
-----END PRIVATE KEY-----
</key>

When trying to connect, this is the log.

Code:

Wed Nov 18 21:57:06 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
Wed Nov 18 21:57:06 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Wed Nov 18 21:57:06 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Nov 18 21:57:06 2015 Need hold release from management interface, waiting...
Wed Nov 18 21:57:06 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Nov 18 21:57:06 2015 MANAGEMENT: CMD 'state on'
Wed Nov 18 21:57:06 2015 MANAGEMENT: CMD 'log all on'
Wed Nov 18 21:57:06 2015 MANAGEMENT: CMD 'hold off'
Wed Nov 18 21:57:06 2015 MANAGEMENT: CMD 'hold release'
Wed Nov 18 21:57:06 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 18 21:57:06 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Nov 18 21:57:06 2015 MANAGEMENT: >STATE:1447855026,RESOLVE,,,
Wed Nov 18 21:57:07 2015 UDPv4 link local: [undef]
Wed Nov 18 21:57:07 2015 UDPv4 link remote: [AF_INET]139.10.115.84:1194
Wed Nov 18 21:57:07 2015 MANAGEMENT: >STATE:1447855027,WAIT,,,
Wed Nov 18 21:57:13 2015 MANAGEMENT: >STATE:1447855033,AUTH,,,
Wed Nov 18 21:57:13 2015 TLS: Initial packet from [AF_INET]139.10.115.84:1194, sid=c07a5fb6 b354fd55
Wed Nov 18 21:57:13 2015 VERIFY OK: depth=1, C=ID, ST=BT, L=********, O=********, OU=NA, CN=Administrator, name=AC68U, emailAddress=<<removed>>
Wed Nov 18 21:57:13 2015 VERIFY OK: depth=0, C=ID, ST=BT, L=********, O=********, OU=NA, CN=Administrator, name=AC68U, emailAddress=<<removed>
Wed Nov 18 21:57:14 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Wed Nov 18 21:57:14 2015 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Wed Nov 18 21:57:14 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 18 21:57:14 2015 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Wed Nov 18 21:57:14 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 18 21:57:14 2015 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Wed Nov 18 21:57:14 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 18 21:57:14 2015 [Administrator] Peer Connection Initiated with [AF_INET]139.10.115.84:1194
Wed Nov 18 21:57:15 2015 MANAGEMENT: >STATE:1447855035,GET_CONFIG,,,
Wed Nov 18 21:57:17 2015 SENT CONTROL [Administrator]: 'PUSH_REQUEST' (status=1)
Wed Nov 18 21:57:17 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.12.0 255.255.255.0,route-gateway 10.8.12.1,ping 10,ping-restart 120,ifconfig 10.8.12.3 255.255.255.0'
Wed Nov 18 21:57:17 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 18 21:57:17 2015 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 18 21:57:17 2015 OPTIONS IMPORT: route options modified
Wed Nov 18 21:57:17 2015 OPTIONS IMPORT: route-related options modified
Wed Nov 18 21:57:17 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov 18 21:57:17 2015 MANAGEMENT: >STATE:1447855037,ASSIGN_IP,,10.8.12.3,
Wed Nov 18 21:57:17 2015 open_tun, tt->ipv6=0
Wed Nov 18 21:57:17 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{733C0D67-F1F6-4A28-B004-DEAE06B52626}.tap
Wed Nov 18 21:57:17 2015 TAP-Windows Driver Version 9.21 
Wed Nov 18 21:57:17 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.12.3/255.255.255.0 on interface {733C0D67-F1F6-4A28-B004-DEAE06B52626} [DHCP-serv: 10.8.12.0, lease-time: 31536000]
Wed Nov 18 21:57:17 2015 Successful ARP Flush on interface [15] {733C0D67-F1F6-4A28-B004-DEAE06B52626}
Wed Nov 18 21:57:22 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Nov 18 21:57:22 2015 C:\WINDOWS\system32\route.exe ADD 139.10.115.84 MASK 255.255.255.255 192.168.12.4
Wed Nov 18 21:57:22 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Nov 18 21:57:22 2015 Route addition via IPAPI succeeded [adaptive]
Wed Nov 18 21:57:22 2015 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.12.1
Wed Nov 18 21:57:22 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed Nov 18 21:57:22 2015 Route addition via IPAPI succeeded [adaptive]
Wed Nov 18 21:57:22 2015 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.12.1
Wed Nov 18 21:57:22 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed Nov 18 21:57:22 2015 Route addition via IPAPI succeeded [adaptive]
Wed Nov 18 21:57:22 2015 MANAGEMENT: >STATE:1447855042,ADD_ROUTES,,,
Wed Nov 18 21:57:22 2015 C:\WINDOWS\system32\route.exe ADD 192.168.12.0 MASK 255.255.255.0 10.8.12.1
Wed Nov 18 21:57:22 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed Nov 18 21:57:22 2015 Route addition via IPAPI succeeded [adaptive]
Wed Nov 18 21:57:22 2015 Initialization Sequence Completed
Wed Nov 18 21:57:22 2015 MANAGEMENT: >STATE:1447855042,CONNECTED,SUCCESS,10.8.12.3,139.0.115.84

Please let me know if more information is needed.

Thanks in advance for your help!

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Bridged connection ok between routers, but not from PC

Post by Traffic » Wed Nov 18, 2015 10:41 pm

This Forum does not provide support for DDWRT routers.

However, from your config:

alexander.hagen wrote: This is an ASUS AC68U router with DDWRT.

Code:
server-bridge 10.8.12.1 255.255.255.0 10.8.12.2 10.8.12.49
push "route 192.168.12.0 255.255.255.0"

Typically --server-bridge would be the same network as your physical LAN.
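
Added example, not part of either post: a small Python check run over the server directives and client log lines quoted in this thread (timestamps trimmed). It reports the bridge/LAN subnet difference the reply points at, the log's WARNING lines, and whether a pushed route covers the gateway the client was using before the VPN came up. The function names are hypothetical, and reading the pushed route as the physical LAN behind the server is an assumption.

```python
import ipaddress
import re

# Constructed sample input: directives and log lines quoted in the thread, timestamps trimmed.
SERVER_CONF = """server-bridge 10.8.12.1 255.255.255.0 10.8.12.2 10.8.12.49
dev tap2
push "route 192.168.12.0 255.255.255.0"
"""
CLIENT_LOG = """WARNING: No server certificate verification method has been enabled.
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.12.0 255.255.255.0,route-gateway 10.8.12.1,ping 10,ping-restart 120,ifconfig 10.8.12.3 255.255.255.0'
C:\\WINDOWS\\system32\\route.exe ADD 139.10.115.84 MASK 255.255.255.255 192.168.12.4
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_server_conf(text):
    """Compare the server-bridge subnet with the routes the server pushes (hypothetical helper)."""
    m = re.search(r"^server-bridge\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", text, re.M)
    if not m:
        return []
    gw, mask, start, end = m.groups()
    bridge = net(gw, mask)
    findings = [f"pool address {ip} is outside {bridge}"
                for ip in (start, end) if ipaddress.ip_address(ip) not in bridge]
    # Assumption: a pushed route names the physical LAN behind the server.
    for addr, rmask in re.findall(r'^push\s+"route\s+(\S+)\s+([^\s"]+)"', text, re.M):
        if net(addr, rmask) != bridge:
            findings.append(f"bridge subnet {bridge} differs from pushed route {net(addr, rmask)}")
    return findings

def check_client_log(text):
    """Collect WARNING lines and flag pushed routes that cover the client's pre-VPN gateway."""
    findings = [l.split("WARNING: ", 1)[1] for l in text.splitlines() if "WARNING: " in l]
    pushed = [net(a, m) for a, m in re.findall(r"[,']route (\d[\d.]*) (\d[\d.]*)", text)]
    # With redirect-gateway, the host route to the server goes via the pre-VPN default gateway.
    m = re.search(r"route\.exe ADD \S+ MASK 255\.255\.255\.255 (\S+)", text)
    if m:
        gw = ipaddress.ip_address(m.group(1))
        findings += [f"pushed route {p} covers local gateway {gw}" for p in pushed if gw in p]
    return findings

if __name__ == "__main__":
    for finding in check_server_conf(SERVER_CONF) + check_client_log(CLIENT_LOG):
        print("-", finding)
```

A finding here is a prompt to look at the addressing plan, not a diagnosis; the certificate-verification warning in particular is worth resolving regardless of the routing issue.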
