OpenVPN client connected, but cannot ping inside VPN address range

openvpnwindows 7

I set up OpenVPN 2.1.3 on Windows 7 following the OpenVPN Easy Windows Guide. The client (another computer) can connect without problems and gets the desired IP x.x.x.6/255.255.255.252 in the VPN IP range. The server itself is x.x.x.1/255.255.255.252.

In my scenario, I only have clients which need to connect securely to that one server (which also runs the OpenVPN server).

But the client and server cannot ping each other (on their VPN IP addresses). What's wrong here?

On the server, I set "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter=1" to enable IP forwarding (and restarted of course).

(EDIT: I must add that ping works when I use TAP device, but how about TUN?)

Server config:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.169.0.0 255.255.255.0 # OpenVPN seems to change this to x.x.x.252
ifconfig-pool-persist ipp.txt
client-to-client # not sure if I need this, just tried
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4

Client config:

client
dev tun
proto udp
remote 192.168.1.197 1194 # That's the server's physical address on my wifi
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

EDIT 2

Here are the routes created by both modes:

route print on client with TUN

192.169.0.0     255.255.255.0      192.169.0.9     192.169.0.10     30
192.169.0.8   255.255.255.252         On-link      192.169.0.10    286
192.169.0.10  255.255.255.255         On-link      192.169.0.10    286
192.169.0.11  255.255.255.255         On-link      192.169.0.10    286

route print on server with TUN

192.169.0.0     255.255.255.0      192.169.0.2     192.169.0.1     30
192.169.0.0   255.255.255.252         On-link      192.169.0.1    286
192.169.0.1   255.255.255.255         On-link      192.169.0.1    286
192.169.0.3   255.255.255.255         On-link      192.169.0.1    286

route print on client with working TAP

192.169.0.0    255.255.255.0         On-link       192.169.0.8    286
192.169.0.8  255.255.255.255         On-link       192.169.0.8    286

route print on server with working TAP

192.169.0.0    255.255.255.0         On-link       192.169.0.1    286
192.169.0.1  255.255.255.255         On-link       192.169.0.1    286

Best Answer

Try running openvpn-gui with Administrator privileges. Without them it couldn't write proper routes. Also try playing with --ip-win32 config option. And please show output of route print in cases of working TAP connection and non-working TUN connection.

Related Topic