Openvpn – Simple OpenVPN setup on Windows Server 2003 SBS with RRAS

I am trying to set up the most basic VPN configuration with OpenVPN. The server is Windows Server 2003 SBS. A typical client system is Windows 7 Professional.

The server has two physical NICs (WAN & LAN). The WAN NIC is assigned a static WAN IP by the router. The server manages the NAT & Firewall with Windows' Routing and Remote Access service.

I have followed the setup HOWTO and attempted to keep things as simple as possible.

The OpenVPN client connects to the OpenVPN server and is assigned an IP address.

The problem is that I cannot ping the server from the client after the connection is established (or perform any other communication for that matter).

I suspect that there may be a conflict with RRAS.

I would like to provide more information, but I need guidance as to what information is needed to solve this problem. The following is a starting point:

OpenVPN server config:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3

Typical OpenVPN client config:

client
dev tun
proto tcp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

OpenVPN Client startup output:

OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul  1 2011
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
LZO compression initialized
Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[8192->8192] S=[8192->8192]
Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): '69109d17'
Expected Remote Options hash (VER=V4): 'c0103fa8'
Attempting to establish TCP connection with XXX.XXX.XXX.XXX:1194
TCP connection established with XXX.XXX.XXX.XXX:1194
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: XXX.XXX.XXX.XXX:1194
TLS: Initial packet from XXX.XXX.XXX.XXX:1194, sid=2c253639 f0d75bbe
VERIFY OK: depth=1, /C=XX/L=XXX/O=XXX/CN=XXX
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, /C=XX/L=XXX/O=XXX/CN=XXX
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[XXX] Peer Connection Initiated with XXX.XXX.XXX.XXX:1194
SENT CONTROL [XXX]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
ROUTE default_gateway=192.168.1.1
TAP-WIN32 device [OpenVPN] opened: \\.\Global\{F4CEEE7C-B82C-4EF3-8C1E-4EA31CCC237A}.tap
TAP-Win32 Driver Version 9.8 
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {F4CEEE7C-B82C-4EF3-8C1E-4EA31CCC237A} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Successful ARP Flush on interface [16] {F4CEEE7C-B82C-4EF3-8C1E-4EA31CCC237A}
TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed