client connected to server but can't ping

maxmumford
OpenVPN User
Posts: 25
Joined: Tue Apr 05, 2011 3:18 pm

Post by maxmumford » Tue Apr 05, 2011 3:56 pm

Hi all,

Today I have been setting up an OpenVPN server on our company's new remote website hosting virtual machine.

The server is running Windows Server 2008 64bit and is connected directly to the internet (no hub, switch or router). The client is running Windows 7 32 bit and is within a separate network with a DNS and AD server, all connected to a router and into the wall.

Both have OpenVPN 2.2 installed. I have successfully generated the CA and certificates and keys for the one client and copied them over to the client's key directory.

I can connect my client to the server but when I try and ping the server with the IP address 10.8.0.1 I get 100% packet loss, even with all firewalls disabled.

Here are my configs and connection logs

Server config:

port 1194

proto udp

dev tun

ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem" 

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log

verb 3

Client config:

client

dev tun

proto udp

remote *server’s external ip*

resolv-retry infinite

nobind

persist-key
persist-tun

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Ava.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Ava.key"

comp-lzo

verb 3

Client to server connection log:

Tue Apr 05 16:09:25 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Apr 05 16:09:25 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 05 16:09:25 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 05 16:09:25 2011 LZO compression initialized
Tue Apr 05 16:09:25 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 05 16:09:25 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 05 16:09:25 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 05 16:09:25 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 05 16:09:25 2011 UDPv4 link local: [undef]
Tue Apr 05 16:09:25 2011 UDPv4 link remote: *server's remote ip*:1194
Tue Apr 05 16:09:25 2011 TLS: Initial packet from *server's remote ip*:1194, sid=424195e9 4b706eda
Tue Apr 05 16:09:25 2011 VERIFY OK: depth=1, /C=UK/ST=Oxfordshire/L=Henley-on-Thames/O=Added_value_applications_Ltd./CN=AvaPaVPN/emailAddress=info@ava.co.uk
Tue Apr 05 16:09:25 2011 VERIFY OK: depth=0, /C=UK/ST=Oxfordshire/O=Added_value_applications_Ltd./CN=server/emailAddress=info@ava.co.uk
Tue Apr 05 16:09:26 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 05 16:09:26 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 05 16:09:26 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 05 16:09:26 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 05 16:09:26 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 05 16:09:26 2011 [server] Peer Connection Initiated with *server's remote ip*:1194
Tue Apr 05 16:09:27 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 05 16:09:27 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Apr 05 16:09:27 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 05 16:09:27 2011 OPTIONS IMPORT: route options modified
Tue Apr 05 16:09:27 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{DD418AB5-BE98-4509-8330-29F51BA453F9}.tap
Tue Apr 05 16:09:27 2011 TAP-Win32 Driver Version 8.4 
Tue Apr 05 16:09:27 2011 TAP-Win32 MTU=1500
Tue Apr 05 16:09:27 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {DD418AB5-BE98-4509-8330-29F51BA453F9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Apr 05 16:09:27 2011 Successful ARP Flush on interface [19] {DD418AB5-BE98-4509-8330-29F51BA453F9}
Tue Apr 05 16:09:27 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Apr 05 16:09:27 2011 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Apr 05 16:09:27 2011 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.   [if_index=19]
Tue Apr 05 16:09:27 2011 Route addition via IPAPI failed
Tue Apr 05 16:09:27 2011 Initialization Sequence Completed

Server connection log:

Tue Apr 05 16:45:20 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Tue Apr 05 16:45:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Apr 05 16:45:20 2011 Diffie-Hellman initialized with 1024 bit key
Tue Apr 05 16:45:20 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 05 16:45:20 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Apr 05 16:45:20 2011 ROUTE default_gateway=*server's remote ip*
Tue Apr 05 16:45:20 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{9108FC84-56C8-4298-A128-59FD0E8A2A36}.tap
Tue Apr 05 16:45:20 2011 TAP-Win32 Driver Version 9.7 
Tue Apr 05 16:45:20 2011 TAP-Win32 MTU=1500
Tue Apr 05 16:45:20 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {9108FC84-56C8-4298-A128-59FD0E8A2A36} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 05 16:45:20 2011 Sleeping for 10 seconds...
Tue Apr 05 16:45:30 2011 Successful ARP Flush on interface [14] {9108FC84-56C8-4298-A128-59FD0E8A2A36}
Tue Apr 05 16:45:30 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 05 16:45:30 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Apr 05 16:45:30 2011 Route addition via IPAPI succeeded [adaptive]
Tue Apr 05 16:45:30 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 05 16:45:30 2011 UDPv4 link local (bound): [undef]:1194
Tue Apr 05 16:45:30 2011 UDPv4 link remote: [undef]
Tue Apr 05 16:45:30 2011 MULTI: multi_init called, r=256 v=256
Tue Apr 05 16:45:30 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Apr 05 16:45:30 2011 IFCONFIG POOL LIST
Tue Apr 05 16:45:30 2011 Ava,10.8.0.4
Tue Apr 05 16:45:30 2011 Initialization Sequence Completed

Can anybody see where I am going wrong?

Thanks,
Max.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: client connected to server but can't ping

Post by maikcat » Wed Apr 06, 2011 6:26 am

hi there,


>Both have OpenVPN 2.2 installed

are you sure?

server:Tue Apr 05 16:45:20 2011 OpenVPN 2.1.4 i686-pc-mingw32
client:Tue Apr 05 16:09:25 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

win7 MUST use openvpn 2.1.4

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"
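
The version check done by eye in the reply above can be scripted; this is an added example, not part of the original thread, and it also collects the other problems visible in the client log. The function names `triage` and `compare` are hypothetical, and the sample lines are copied from the logs posted earlier on this page.

```python
import re

# Lines copied from the client and server logs posted in this thread.
CLIENT_LOG = """\
Tue Apr 05 16:09:25 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Apr 05 16:09:25 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 05 16:09:27 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Tue Apr 05 16:09:27 2011 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.   [if_index=19]
Tue Apr 05 16:09:27 2011 Initialization Sequence Completed
"""
SERVER_LOG = """\
Tue Apr 05 16:45:20 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
"""

TS = re.compile(r"^\w{3} \w{3} \d\d \d\d:\d\d:\d\d \d{4} ")  # timestamp prefix
BANNER = re.compile(r"OpenVPN (\d+(?:\.\d+)+)")             # startup banner
CHECKS = [
    ("no-server-cert-verification", re.compile(r"No server certificate verification method")),
    ("unrecognized-pushed-option", re.compile(r"Unrecognized option .*\[PUSH-OPTIONS\]:\d+: (\S+)")),
    ("route-add-failed", re.compile(r"route addition failed")),
]

def triage(log):
    """Return (version, findings) for one OpenVPN log."""
    version, findings = None, []
    for line in log.splitlines():
        msg = TS.sub("", line)
        banner = BANNER.match(msg)  # only a line that *starts* with the banner
        if banner and version is None:
            version = banner.group(1)
        for name, rx in CHECKS:
            hit = rx.search(msg)
            if hit:
                findings.append((name, hit.group(1) if hit.groups() else None))
    return version, findings

def compare(client_log, server_log):
    """Compare both ends; a client older than the server was the cause here."""
    (cver, cfind), (sver, sfind) = triage(client_log), triage(server_log)
    if cver is None or sver is None:
        raise ValueError("version banner missing from one of the logs")
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return {"client": cver, "server": sver,
            "client_older": as_tuple(cver) < as_tuple(sver),
            "client_findings": cfind, "server_findings": sfind}

if __name__ == "__main__":
    print(compare(CLIENT_LOG, SERVER_LOG))
```

The first finding is separate from the version problem: the client config on this page enables no server certificate check, which OpenVPN 2.1 and later can do with `remote-cert-tls server` when the server certificate carries the matching key usage.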

Post by maxmumford » Wed Apr 06, 2011 9:50 am

Nope! :D I must have used different install files. Uninstalling and reinstalling 2.1.4 and connecting with the same config files, keys and certificates, I can now ping the server and also access the site on the local ip : port 80 so it looks like everything is working.

As I will be setting up the VPN on operating systems running Windows XP upwards, and Windows SBS and Windows Server 2003 upwards, can I use the same version for all of them?

Thanks for your help.
Max.

Post by maikcat » Wed Apr 06, 2011 11:02 am

hi there,

>can I use the same version for all of them?

yeap...

always prefer the latest stable version.

michael.

Post by maxmumford » Wed Apr 06, 2011 12:00 pm

Great, thanks for your help.

Post by maikcat » Wed Apr 06, 2011 12:11 pm

ok then,

Solved

-closing topic-

Michael.