Endian 2.5.1 OpenVPN Server and OpenVPN client behind another Endian 2.5.1

[Guest]

[SerFingolfin]

Hi everybody.
I want to establish a VPN connection between a client (with OpenVPN software) in my LAN (Behind an Endian Firewall 2.5.1) and a OpenVPN Server on a remote Endian 2.5.1.

My client configuration is :

client
dev tap
proto udp
remote <server public ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca efw-srv.pem
auth-user-pass
comp-lzo

My server configuration is :

[GENERAL SETTINGS]
OpenVPN server enabled : YES
Bridged : NO
VPN Subnet : 192.168.0.0/24 (remote GREEN is 0.x and mine is 2.x)
[ACCOUNT]
Only username and password
[ADVANCED]
Port 1194
Protocol UDP
Do not block traffic between clients CHECKED
PSK authentication CHECKED
All other options are unchecked

Outgoing firewall is disabled on both Endian
Interzone firewall is disabled on both Endian
VPN firewall is disabled on both Endian

My client connects and retrieves a valid IP, but cannot ping or access the remote machines.
Any suggestion?
Thanks in advance.

[mmiat]

have you tried with TCP? I remember some trouble with UDP...

and I've not VPN subnet, but only first and last ip address

[SerFingolfin]

I tried switching to TCP (server-side and client-side) with no results...
My interface connects and picks ip address correctly, but i can't ping or reach the remote machines

[mmiat]

post your client openvpn logs, maybe it can be useful

[SerFingolfin]

Client log file attached

[mmiat]

my vpn server is so configured:

[GENERAL SETTINGS]
OpenVPN server enabled : YES
Bridged : YES
Start IP address: 192.168.10.191 (remote LAN is 192.168.10.0/24 but no devices use 191-199)
End IP address: 192.168.10.199

[ACCOUNT]
Only username and password

[ADVANCED]
Port 1194
Protocol UDP
Do not block traffic between clients UNCHECKED
PSK authentication CHECKED
All other options are UNCHECKED

[mmiat]

I tried to replicate your configuration

in [ADVANCED] put 192.168.2.0/24 in "Force this subnet" or similar (I've italian language,anyway it's the first option

[SerFingolfin]

No way : with your configuration i can see and ping only the remote endian.
But other machines remains unreachable...
This is so weird

[mmiat]

obvious question but.....

the remote endian is the gateway of the remote lan?
are you sure that remote computers are configured to reply to ping from a remote network?

[SerFingolfin]

Yes, both Endians are gateway for their respective LAN.
I tried updating both of them to 2.5.2, with no results.
I tried installing a simple Windows VPN forwarding port 1723 to a client : everything works fine!
Should i quit trying with Endian's VPN?

[mmiat]

try

1) add in your client .conf:

verb 3
route 192.168.0.0 255.255.255.0 192.168.0.1

2) post your new log