My logs say that a connection has been established but I can't ping the host.

Here are my logs.

Firewall 1 Logs:

May 24 10:42:57 openvpn[9163]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init  
May 24 10:42:57 openvpn[9163]: SIGTERM[hard,] received, process exiting  
May 24 10:42:59 openvpn[9742]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009  
May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible  
May 24 10:42:59 openvpn[9742]: gw 112.202.0.1  
May 24 10:42:59 openvpn[9742]: TUN/TAP device /dev/tun0 opened  
May 24 10:42:59 openvpn[9742]: /sbin/ifconfig tun0 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up  
May 24 10:42:59 openvpn[9742]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init  
May 24 10:43:00 openvpn[9757]: Listening for incoming TCP connection on [undef]:1194  
May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link local (bound): [undef]:1194  
May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link remote: [undef]  
May 24 10:43:00 openvpn[9757]: Initialization Sequence Completed  
May 24 10:43:02 openvpn[9757]: Re-using SSL/TLS context  
May 24 10:43:02 openvpn[9757]: LZO compression initialized  
May 24 10:43:02 openvpn[9757]: TCP connection established with 119.93.150.4:47750  
May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link local: [undef]  
May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link remote: 119.93.150.4:47750  
May 24 10:43:06 openvpn[9757]: 119.93.150.4:47750 [client] Peer Connection Initiated with 119.93.150.4:47750  

Firewall 2 Logs:

May 24 10:42:57 openvpn[7489]: Connection reset, restarting [0]  
May 24 10:42:57 openvpn[7489]: SIGUSR1[soft,connection-reset] received, process restarting  
May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.  
May 24 10:43:02 openvpn[7489]: Re-using SSL/TLS context  
May 24 10:43:02 openvpn[7489]: LZO compression initialized  
May 24 10:43:02 openvpn[7489]: Attempting to establish TCP connection with 112.202.103.45:1194  
May 24 10:43:02 openvpn[7489]: TCP connection established with 112.202.103.45:1194  
May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link local: [undef]  
May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link remote: 112.202.103.45:1194  
May 24 10:43:06 openvpn[7489]: [server] Peer Connection Initiated with 112.202.103.45:1194  
May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)  
May 24 10:43:08 openvpn[7489]: Preserving previous TUN/TAP instance: tun0  
May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed  

What could the problem be?

Wesley
vrynxzent

3 Answers

It appears that even though you seem to have a "push" option in the config file for firewall2, there is a syntactical problem with it:

May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)

Once this is fixed, you should have routing through the tunnel, which will give firewall2 access to machines on the other end of the tunnel.

wolfgangsz
  • how about this warning? openvpn[341]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. – vrynxzent May 24 '11 at 12:09
  • Well, what about it? It's a warning. If you are not particularly concerned about this, then ignore it. If you are concerned, follow the instructions in the HowTo. – wolfgangsz May 24 '11 at 13:57
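
An added example, not part of the original answers: a small Python triage script that scans OpenVPN syslog lines like those in the question and flags the three conditions those logs show (a key file readable by group or others, no server certificate verification, and a rejected pushed option). The sample lines are copied from the question's logs; the function name, rule ids and advice strings are this example's own.

```python
import re

# Syslog prefix as it appears in the question: "May 24 10:42:59 openvpn[9742]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+openvpn\[(?P<pid>\d+)\]:\s+(?P<msg>.*?)\s*$")

# (rule id, pattern on the message, what to check). Rule ids are this example's own.
RULES = [
    ("key-file-perms",
     re.compile(r"WARNING: file '(?P<detail>[^']+)' is group or others accessible"),
     "private key is readable by other local users; restrict it to its owner"),
    ("no-server-verify",
     re.compile(r"WARNING: No server certificate verification method has been enabled"),
     "client does not verify the server certificate; see the HowTo link in the warning"),
    ("push-option-rejected",
     re.compile(r"Options error: .* in \[PUSH-OPTIONS\]:\d+: (?P<detail>.+)$"),
     "a pushed option was rejected; check the syntax of the push directive"),
]

def triage(lines):
    """Return findings for OpenVPN log lines, de-duplicated per (pid, rule)."""
    findings, seen = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an openvpn syslog line
        for rule_id, pattern, advice in RULES:
            hit = pattern.search(m["msg"])
            if hit and (m["pid"], rule_id) not in seen:
                seen.add((m["pid"], rule_id))
                findings.append({"time": m["ts"], "pid": int(m["pid"]),
                                 "rule": rule_id, "advice": advice,
                                 "detail": hit.groupdict().get("detail", "")})
    return findings

# Sample input: lines taken from the two firewall logs in the question.
SAMPLE = """\
May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
May 24 10:43:00 openvpn[9757]: Initialization Sequence Completed
May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)
May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} pid={f['pid']} {f['rule']}: {f['detail']} -> {f['advice']}")
```
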

We had this same problem using OpenVPN. The fix we found was that OpenVPN must always be run as an administrator. I know it sounds ridiculous, but it works.

Aaron
  • Windows Vista and 7 won't let a program add routes unless it's run as administrator. The VPN itself will work just fine, but the route addition fails, so most of the VPN won't work. Not ridiculous really, just the way Windows works. But that doesn't apply to site-to-site connections (unless one end is running on Windows, which doesn't appear to be the case here). – Chris Buechler May 30 '11 at 02:11

Aside from the push, which probably isn't enough to break the connection, the logs look normal. You're likely missing a route, or have the route wrong, on one or both ends.

Chris Buechler