Today I have been setting up an OpenVPN server on our company's new remote website hosting virtual machine.
The server is running Windows Server 2008 64-bit and is connected directly to the internet (no hub, switch or router). The client is running Windows 7 32-bit and is within a separate network with a DNS and AD server, all connected to a router and into the wall.
Both have OpenVPN 2.2 installed. I have successfully generated the CA and certificates and keys for the one client and copied them over to the client's key directory.
I can connect my client to the server but when I try and ping the server with the IP address 10.8.0.1 I get 100% packet loss, even with all firewalls disabled.
Here are my configs and connection logs:
Server config:
port 1194
proto udp
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key" # This file should be kept secret
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Client config:
client
dev tun
proto udp
remote *server’s external ip*
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Ava.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Ava.key"
comp-lzo
verb 3
Client log:
Tue Apr 05 16:09:25 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Apr 05 16:09:25 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 05 16:09:25 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 05 16:09:25 2011 LZO compression initialized
Tue Apr 05 16:09:25 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 05 16:09:25 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 05 16:09:25 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 05 16:09:25 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 05 16:09:25 2011 UDPv4 link local: [undef]
Tue Apr 05 16:09:25 2011 UDPv4 link remote: *server's remote ip*:1194
Tue Apr 05 16:09:25 2011 TLS: Initial packet from *server's remote ip*:1194, sid=424195e9 4b706eda
Tue Apr 05 16:09:25 2011 VERIFY OK: depth=1, /C=UK/ST=Oxfordshire/L=Henley-on-Thames/O=Added_value_applications_Ltd./CN=AvaPaVPN/emailAddress=info@ava.co.uk
Tue Apr 05 16:09:25 2011 VERIFY OK: depth=0, /C=UK/ST=Oxfordshire/O=Added_value_applications_Ltd./CN=server/emailAddress=info@ava.co.uk
Tue Apr 05 16:09:26 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 05 16:09:26 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 05 16:09:26 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 05 16:09:26 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 05 16:09:26 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 05 16:09:26 2011 [server] Peer Connection Initiated with *server's remote ip*:1194
Tue Apr 05 16:09:27 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 05 16:09:27 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Apr 05 16:09:27 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: route options modified
Tue Apr 05 16:09:27 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{DD418AB5-BE98-4509-8330-29F51BA453F9}.tap
Tue Apr 05 16:09:27 2011 TAP-Win32 Driver Version 8.4
Tue Apr 05 16:09:27 2011 TAP-Win32 MTU=1500
Tue Apr 05 16:09:27 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {DD418AB5-BE98-4509-8330-29F51BA453F9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Apr 05 16:09:27 2011 Successful ARP Flush on interface [19] {DD418AB5-BE98-4509-8330-29F51BA453F9}
Tue Apr 05 16:09:27 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Apr 05 16:09:27 2011 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Apr 05 16:09:27 2011 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
Tue Apr 05 16:09:27 2011 Route addition via IPAPI failed
Tue Apr 05 16:09:27 2011 Initialization Sequence Completed
Server log:
Tue Apr 05 16:45:20 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Tue Apr 05 16:45:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Apr 05 16:45:20 2011 Diffie-Hellman initialized with 1024 bit key
Tue Apr 05 16:45:20 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 05 16:45:20 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Apr 05 16:45:20 2011 ROUTE default_gateway=*server's remote ip*
Tue Apr 05 16:45:20 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{9108FC84-56C8-4298-A128-59FD0E8A2A36}.tap
Tue Apr 05 16:45:20 2011 TAP-Win32 Driver Version 9.7
Tue Apr 05 16:45:20 2011 TAP-Win32 MTU=1500
Tue Apr 05 16:45:20 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {9108FC84-56C8-4298-A128-59FD0E8A2A36} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 05 16:45:20 2011 Sleeping for 10 seconds...
Tue Apr 05 16:45:30 2011 Successful ARP Flush on interface [14] {9108FC84-56C8-4298-A128-59FD0E8A2A36}
Tue Apr 05 16:45:30 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 05 16:45:30 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Apr 05 16:45:30 2011 Route addition via IPAPI succeeded [adaptive]
Tue Apr 05 16:45:30 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 05 16:45:30 2011 UDPv4 link local (bound): [undef]:1194
Tue Apr 05 16:45:30 2011 UDPv4 link remote: [undef]
Tue Apr 05 16:45:30 2011 MULTI: multi_init called, r=256 v=256
Tue Apr 05 16:45:30 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Apr 05 16:45:30 2011 IFCONFIG POOL LIST
Tue Apr 05 16:45:30 2011 Ava,10.8.0.4
Tue Apr 05 16:45:30 2011 Initialization Sequence Completed
Thanks,
Max.
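
An added example, not part of the original post: a small Python triage pass over the kind of client log quoted above, flagging the lines that bear on tunnel security and connectivity. The finding names, the 2048-bit RSA floor, the `expect` parameter and the sample log (abridged from the post) are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the client log quoted in the post.
SAMPLE_CLIENT_LOG = """\
Tue Apr 05 16:09:25 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Apr 05 16:09:25 2011 WARNING: No server certificate verification method has been enabled.
Tue Apr 05 16:09:26 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 05 16:09:26 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 05 16:09:27 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Tue Apr 05 16:09:27 2011 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Apr 05 16:09:27 2011 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
"""

LEGACY_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers
MIN_RSA_BITS = 2048  # assumed policy floor for this example
BANNER = re.compile(r"\d{4} OpenVPN (\d+(?:\.\d+)+) ")  # startup banner only
CIPHER = re.compile(r"Cipher '([^']+)' initialized")
RSA_BITS = re.compile(r"(\d+) bit RSA")
BAD_PUSH = re.compile(r"Unrecognized option.*\[PUSH-OPTIONS\]:\d+: (\S+)")
ROUTE_ADD = re.compile(r"route(?:\.exe)? ADD (\S+) MASK (\S+) (\S+)")


def triage(log_text, expect=None):
    """Return de-duplicated (finding_id, detail) tuples in log order."""
    findings, last_route = [], None

    def add(fid, detail):
        if (fid, detail) not in findings:
            findings.append((fid, detail))

    for line in log_text.splitlines():
        m = BANNER.search(line)
        if m and expect and not (m.group(1) + ".").startswith(expect + "."):
            add("version-mismatch", m.group(1))  # running build != expected
        if "No server certificate verification method" in line:
            add("no-server-cert-check", "peer certificate type is not verified")
        if (m := CIPHER.search(line)) and m.group(1) in LEGACY_CIPHERS:
            add("legacy-cipher", m.group(1))
        if (m := RSA_BITS.search(line)) and int(m.group(1)) < MIN_RSA_BITS:
            add("short-rsa-key", m.group(1))
        if m := BAD_PUSH.search(line):
            add("pushed-option-ignored", m.group(1))  # client ignored this option
        if m := ROUTE_ADD.search(line):
            last_route = m.group(1)  # remember destination of the last attempt
        if "route addition failed" in line:
            add("route-not-installed", last_route or "unknown")
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_CLIENT_LOG, expect="2.2"), sep="\n")
```

Passing `expect` compares the version in the startup banner with the version believed to be installed; without it the version check is skipped.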