Yes, the masquerading/Iptables are all off. I added redirect-gateway and I connected, but it broke my Vista networking. So I went to the server and removed push "route 172.16.1.0/24 255.255.255.0" and then reconnected. The networking didn't break, but I still can't surf or ping out to the internet. FWIW, I am using Openvpn 2.1 on Ubuntu 8.10.

did the default route on the windows client change to use the VPN network interface and not the 192.168.1.1 one?

Network breaking makes me think that it is working.. just the sever side routing / nat / masquerading isn't setup right..

When broken, could you ping your vpn root (10.8.0.1 in my case)

what dose your route table look like when it broke?

_________________
Linux is like a fine lady,
Its easy if you know all the right buttons to press.

I was able to ping 172.16.1.5.
And here is my route print:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.26 26
0.0.0.0 128.0.0.0 172.16.1.5 172.16.1.6 31
97.107.140.101 255.255.255.255 192.168.1.1 192.168.1.26 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.16.1.5 172.16.1.6 31
172.16.1.0 255.255.255.0 172.16.1.5 172.16.1.6 31
172.16.1.4 255.255.255.252 On-link 172.16.1.6 286
172.16.1.6 255.255.255.255 On-link 172.16.1.6 286
172.16.1.7 255.255.255.255 On-link 172.16.1.6 286
192.168.1.0 255.255.255.0 On-link 192.168.1.26 281
192.168.1.26 255.255.255.255 On-link 192.168.1.26 281
192.168.1.255 255.255.255.255 On-link 192.168.1.26 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.1.6 286
224.0.0.0 240.0.0.0 On-link 192.168.1.26 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.1.6 286
255.255.255.255 255.255.255.255 On-link 192.168.1.26 281
===========================================================================

And here is this thing:
Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-2F-36-11-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7956:6f0:26de:d10%17(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Wednesday, July 08, 2009 1:17:41 AM
Lease Expires . . . . . . . . . . : Thursday, July 08, 2010 1:17:40 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.16.1.5
DHCPv6 IAID . . . . . . . . . . . : 385941295
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-02-70-A7-00-1B-24-EA-F7-3

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-35-AA-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.26(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 07, 2009 7:04:58 PM
Lease Expires . . . . . . . . . . : Wednesday, July 08, 2009 3:04:57 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

That Looks like its not working right. The default route should be differnet.


0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.26 26 <-- all traffic goes to our normal default gw

What it should be if you want all your traffic to go though the VPN:
0.0.0.0 0.0.0.0 172.16.1.0 172.16.1.6 ??

Unless you see that.. its not going to work..

When you make the networking on vista break. It probably had that as the default route and windows would try to send all network traffic to the linux VPN who just rejected it all. (which made windows think the networking was broken), but not broken..

_________________
Linux is like a fine lady,

Its easy if you know all the right buttons to press.

I left the VPN tunnel on for several minutes. And it broke my Windows networking. All of my web traffic passes through my proxy server on my LAN. But everything else stops.

Looking at that route table. You got 2 default routes.. that makes windows very confused.. Thats what the "redirect-gateway" command suppose to do on the client side.. don't need to have a route defined..

--
redirect-gateway should update that first line of the route table.

_________________
Linux is like a fine lady,

Its easy if you know all the right buttons to press.

I route -f on my Vista, rebooted and then connected to my VPN. The route print still comes up the same. I will tinker with it some more and read up on manually adding routes like you indicated or just move to PPTP.

problem with pptp is that microsoft implementation is flawed and dosn't really provide alot of security.. :-/

_________________
Linux is like a fine lady,

Its easy if you know all the right buttons to press.

Well, I went ahead and set up Openvpn through Webmin, and sure enough, I had the same problem as I had mentioned before. However, this time, I setup Squid proxy and now I can access the web through the proxy.

I had to enable masquerade in the iptables. That's what made it work.