Client connects, MAC learned but cannot connect via SSH or WWW


  • I know this sounds like it would be hella simple but so far, it's proven not to be…

    We have an OpenVPN server that's set up doing a bridged (tap) VPN.  Everything has been working fine but one of the first customers we got onboard for this project called up.  They tried connecting the 3rd box we sent them to a DSL connection to get the VPN going.  I can see the connection, the VPN server learns the MAC address but I can't ping, SSH or hit the webConfigurator.  They powered up the first box we had sent them that's connected through the corporate network and everything works fine.  I can ping, SSH and hit the webConfigurator.

    Now the funny part is, we went through this about a month ago and it was the exact opposite.  Anything connected to the DSL (I know the box on the DSL now was used) worked fine but anything on the corporate network didn't.  I've been banging my head on this all afternoon.  Nothing changed as far as I know from when it worked before and now.  It'd be a lot easier to diagnose but the box is in Chicago and I'm in North Alabama :\

    Here's a log of what's going on:
    Jun 28 15:56:35 openvpn[13311]: MULTI: multi_create_instance called
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.xxx:63545 Re-using SSL/TLS context
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 LZO compression initialized
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Data Channel MTU parms [ L:1578 D:1400 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Local Options hash (VER=V4): 'e2a912d8'
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 Expected Remote Options hash (VER=V4): '9a22532e'
    Jun 28 15:56:35 openvpn[13311]: 75.xxx.xxx.194:63545 TLS: Initial packet from 75.xxx.xxx.194:63545, sid=ca319dd5 28cc6181
    Jun 28 15:56:36 openvpn[13311]: nick-test/74.xxx.xxx.28:3276 PUSH: Received control message: 'PUSH_REQUEST'
    Jun 28 15:56:36 openvpn[13311]: nick-test/74.xxx.xxx.28:3276 SENT CONTROL [nick-test]: 'PUSH_REPLY,route-gateway 192.168.75.5,ping 30,ping-restart 120,ifconfig 192.168.75.42 255.255.255.0' (status=1)
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 VERIFY OK: depth=1, /C=US/ST=AL/L=Decatur/O=SFS/CN=SFS_CA/emailAddress=admin@xxx.us
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 VERIFY OK: depth=0, /C=US/ST=AL/L=Decatur/O=SFS/CN=chicago/emailAddress=admin@xxx.us
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jun 28 15:56:36 openvpn[13311]: 75.xxx.xxx.194:63545 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun 28 15:56:37 openvpn[13311]: 75.xxx.xxx.194:63545 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Jun 28 15:56:37 openvpn[13311]: 75.xxx.xxx.194:63545 [chicago] Peer Connection Initiated with 75.xxx.xxx.194:63545
    Jun 28 15:56:38 openvpn[13311]: chicago/75.xxx.xxx.194:63545 PUSH: Received control message: 'PUSH_REQUEST'
    Jun 28 15:56:38 openvpn[13311]: chicago/75.xxx.xxx.194:63545 SENT CONTROL [chicago]: 'PUSH_REPLY,route-gateway 192.168.75.5,ping 30,ping-restart 120,ifconfig 192.168.75.49 255.255.255.0' (status=1)
    Jun 28 15:56:38 openvpn[13311]: chicago/75.xxx.xxx.194:63545 MULTI: Learn: 00:bd:7e:1e:00:00 -> chicago/75.xxx.xxx.194:63545

    Any ideas as to what could have happened between here and then or possible differences that I could look for?  I'm still trying to get a hold of something up north so I could try switching the boxes (put the working one on the DSL and the one that isn't working on the corporate network).