VPN won't route across bridge

[cxe@cxeonline.com]

Hello,
I'm fairly new to OpenVPN but have some networking experience in general
Yesterday and today I have setup OpenVPN on a few different client's Windows servers following the guide here https://community.openvpn.net/openvpn/w ... dows_Guide. I haven't really been able to get it to even ping the server it is installed on without setting it to bridge mode and bridging the TAP adapter and the Ethernet adapter of the server, but doing that seems to let me be able to ping the server.
Yesterday afternoon I was even able to ping other devices on the network over the VPN and setup one of the employees to print into the office printer from home. Today nothing will ping except the server the OpenVPN software is actually running on. This includes both the original server and one more that I bridged the Ethernet adapter in.
I've gone through the config file and tried a few different settings, then reset it and just done what seem to be normal settings and nothing lets me connect to anything except the server.
I've run out of ideas, hoping someone here has run into a similar problem or has some idea where else I can look to trace the problem. Thanks for taking the time to look at this.

server config:

View Originalserver config

1

local 192.168.1.2

2

3

4

5

port 1194

6

7

8

9

# TCP or UDP server?

10

11

;proto tcp

12

13

proto udp

14

15

16

17

dev tap

18

19

;dev tun

20

21

22

23

ca ca.crt

24

25

cert server.crt

26

27

key server.key # This file should be kept secret

28

29

30

31

dh dh2048.pem

32

33

34

35

topology subnet

36

37

38

39

40

41

;server 192.168.200.0 255.255.255.0

42

43

44

45

;ifconfig-pool-persist ipp.txt

46

47

48

49

server-bridge 192.168.200.4 255.255.255.0 192.168.200.50 192.168.200.100

50

51

52

53

;server-bridge

54

55

56

57

push "route 192.168.1.0 255.255.255.0"

58

59

;push "route 192.168.20.0 255.255.255.0"

60

61

62

63

duplicate-cn

64

65

66

67

keepalive 10 120

68

69

70

71

tls-auth ta.key 0 # This file is secret

72

73

74

75

cipher AES-256-CBC

76

77

78

79

persist-key

80

81

persist-tun

82

83

84

85

status openvpn-status.log

86

87

88

89

;log openvpn.log

90

91

;log-append openvpn.log

92

93

94

95

verb 3

96

97

98

99

# Silence repeating messages. At most 20

100

101

# sequential messages of the same message

102

103

# category will be output to the log.

104

105

;mute 20

106

107

108

109

# Notify the client that when the server restarts so it

110

111

# can automatically reconnect.

112

1

local 192.168.1.2

2

port 1194

3

proto udp

4

dev tap

5

ca ca.crt

6

cert server.crt

7

key server.key

8

dh dh2048.pem

9

topology subnet

10

server-bridge 192.168.200.4 255.255.255.0 192.168.200.50 192.168.200.100

11

push "route 192.168.1.0 255.255.255.0"

12

duplicate-cn

13

keepalive 10 120

14

tls-auth ta.key 0

15

cipher AES-256-CBC

16

persist-key

17

persist-tun

18

status openvpn-status.log

19

verb 3

View Originalclient config

1

2

3

client

4

5

6

7

dev tap

8

9

;dev tun

10

11

12

13

;proto tcp

14

15

proto udp

16

17

18

19

remote remote.myclient.com 1194

20

21

22

23

resolv-retry infinite

24

25

26

27

nobind

28

29

30

31

persist-key

32

33

persist-tun

34

35

36

37

ca ca.crt

38

39

40

41

cert Office-VPN.crt

42

43

44

45

key VOffice-VPN.key

46

47

48

49

remote-cert-tls server

50

51

52

53

tls-auth ta.key 1

54

55

56

57

cipher AES-256-CBC

58

59

60

61

# Set log file verbosity.

62

63

verb 3

64

65

66

67

# Silence repeating messages

68

69

;mute 20

70

1

client

2

dev tap

3

proto udp

4

remote remote.myclient.com 1194

5

resolv-retry infinite

6

nobind

7

persist-key

8

persist-tun

9

ca ca.crt

10

cert Office-VPN.crt

11

key VOffice-VPN.key

12

remote-cert-tls server

13

tls-auth ta.key 1

14

cipher AES-256-CBC

15

verb 3

[TinCanTech]

Do not use a bridge

[cxe@cxeonline.com]

Ok... I'm fine with this in general, but so far I haven't gotten it to do anything at all without the bridge. Here's config files from a 3rd server that I've tried to setup without the bridging if someone could please take a look and see if I'm missing something.

View Originalnon-bridged server config

1

2

3

# Which local IP address should OpenVPN

4

5

# listen on? (optional)

6

7

local 10.0.0.2

8

9

10

11

port 1194

12

13

14

15

# TCP or UDP server?

16

17

;proto tcp

18

19

proto udp

20

21

22

23

#

24

25

dev tap

26

27

;dev tun

28

29

30

31

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"

32

33

cert "C:\\Program Files\\OpenVPN\\config\\server.crt"

34

35

36

37

key "C:\\Program Files\\OpenVPN\\config\\server.key"

38

39

40

41

dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

42

43

44

45

topology subnet

46

47

48

49

# Configure server mode and supply a VPN subnet

50

51

# for OpenVPN to draw client addresses from.

52

53

# The server will take 10.8.0.1 for itself,

54

55

# the rest will be made available to clients.

56

57

# Each client will be able to reach the server

58

59

# on 10.8.0.1. Comment this line out if you are

60

61

# ethernet bridging. See the man page for more info.

62

63

server 10.9.0.0 255.255.255.0

64

65

66

67

;ifconfig-pool-persist ipp.txt

68

69

70

71

# Configure server mode for ethernet bridging.

72

73

# You must first use your OS's bridging capability

74

75

# to bridge the TAP interface with the ethernet

76

77

# NIC interface. Then you must manually set the

78

79

# IP/netmask on the bridge interface, here we

80

81

# assume 10.8.0.4/255.255.255.0. Finally we

82

83

# must set aside an IP range in this subnet

84

85

# (start=10.8.0.50 end=10.8.0.100) to allocate

86

87

# to connecting clients. Leave this line commented

88

89

# out unless you are ethernet bridging.

90

91

;server-bridge 10.9.0.4 255.255.255.0 10.9.0.50 10.9.0.100

92

93

94

95

push "route 10.0.0.0 255.255.255.0"

96

97

;push "route 192.168.20.0 255.255.255.0"

98

99

100

101

102

103

push "dhcp-option DNS 10.0.0.2"

104

105

;push "dhcp-option DNS 208.67.220.220"

106

107

108

109

duplicate-cn

110

111

112

113

keepalive 10 120

114

115

116

117

tls-auth ta.key 0 # This file is secret

118

119

120

121

cipher AES-256-CBC

122

123

124

125

persist-key

126

127

persist-tun

128

129

130

131

# Output a short status file showing

132

133

# current connections, truncated

134

135

# and rewritten every minute.

136

137

status openvpn-status.log

138

139

140

141

log openvpn.log

142

143

144

145

146

147

# Set the appropriate level of log

148

149

# file verbosity.

150

151

#

152

153

# 0 is silent, except for fatal errors

154

155

# 4 is reasonable for general usage

156

157

# 5 and 6 can help to debug connection problems

158

159

# 9 is extremely verbose

160

161

verb 3

162

163

164

165

# Silence repeating messages. At most 20

166

167

# sequential messages of the same message

168

169

# category will be output to the log.

170

171

;mute 20

172

173

174

175

# Notify the client that when the server restarts so it

176

177

# can automatically reconnect.

178

1

local 10.0.0.2

2

port 1194

3

proto udp

4

dev tap

5

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"

6

cert "C:\\Program Files\\OpenVPN\\config\\server.crt"

7

key "C:\\Program Files\\OpenVPN\\config\\server.key"

8

dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

9

topology subnet

10

server 10.9.0.0 255.255.255.0

11

push "route 10.0.0.0 255.255.255.0"

12

push "dhcp-option DNS 10.0.0.2"

13

duplicate-cn

14

keepalive 10 120

15

tls-auth ta.key 0

16

cipher AES-256-CBC

17

persist-key

18

persist-tun

19

status openvpn-status.log

20

log openvpn.log

21

verb 3

and of course

View Originalnon-bridging client config

1

2

3

client

4

5

6

7

dev tap

8

9

;dev tun

10

11

12

13

;dev-node MyTap

14

15

16

17

;proto tcp

18

19

proto udp

20

21

22

23

remote myclient.no-ip.org 1194

24

25

26

27

;remote-random

28

29

30

31

resolv-retry infinite

32

33

34

35

nobind

36

37

38

39

# Try to preserve some state across restarts.

40

41

persist-key

42

43

persist-tun

44

45

46

47

ca ca.crt

48

49

50

51

cert my-VPN.crt

52

53

54

55

key my-VPN.key

56

57

58

59

60

61

remote-cert-tls server

62

63

64

65

tls-auth ta.key 1

66

67

68

69

cipher AES-256-CBC

70

71

72

73

# Set log file verbosity.

74

75

verb 3

76

77

78

79

# Silence repeating messages

80

81

;mute 20

82

1

client

2

dev tap

3

proto udp

4

remote myclient.no-ip.org 1194

5

resolv-retry infinite

6

nobind

7

persist-key

8

persist-tun

9

ca ca.crt

10

cert my-VPN.crt

11

key my-VPN.key

12

remote-cert-tls server

13

tls-auth ta.key 1

14

cipher AES-256-CBC

15

verb 3

Again, thanks for taking a look

[cxe@cxeonline.com]

Anybody have an idea what might need to be done to get this working?

[TinCanTech]

Yesterday afternoon I was even able to ping other devices on the network over the VPN and setup one of the employees to print into the office printer from home. Today nothing will ping except the server the OpenVPN software is actually running on

This is an unsupportable position to be in.

Simply follow the Howto and setup a standard VPN server.

If you want something more complicated you will need to expand your knowledge of networking.

You can contact me privately for assistance: tincanteksup <at> gmail (Fees apply)