OpenVPN LTS 1.2.7 not working properly

Bugs
1

This is not my first time configuring OpenVPN on VyOS.
I have configured OpenVPN on VyOS Server/Client model. I am able to connect from Windows client to VyOS/Server, my client does get an IP from VyOS, and the routes. But there is no communication between the client and server. I can not even ping the Server IP address from the client.

This is my client config:
client
dev tun
dev-node GiganticNano
proto udp
remote 66.45.25.xx
resolv-retry infinite
nobind
persist-key
persist-tun

-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUUHRbdTOhRhavsW66HVxmwfn0WgUwDQYJKoZIhvcNAQEL
-----END CERTIFICATE-----


Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:9c:e7:89:19:50:3e:bf:9a:6f:55:1b:c8:49:ce:d2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIQVZzniRlQPr+ab1UbyEnO0jANBgkqhkiG9w0BAQsFADCB
kU0DkklgvgAx
-----END CERTIFICATE-----


-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

remote-cert-tls server
comp-lzo
verb 3

And here is my VyOS config:
$ show configuration
interfaces {
ethernet eth0 {
address 66.45.x.x/29
duplex auto
hw-id 52:54:00:2f:f1:77
smp-affinity auto
speed auto
}
ethernet eth1 {
address 192.168.7.1/24
duplex auto
hw-id 52:54:00:16:f7:8a
smp-affinity auto
speed auto
}
loopback lo {
}
openvpn vtun0 {
mode server
server {
push-route 192.168.7.0/24
subnet 192.168.4.0/27
}
tls {
ca-cert-file /config/auth/openvpn/ca.crt
cert-file /config/auth/openvpn/central.crt
dh-file /config/auth/openvpn/dh.pem
key-file /config/auth/openvpn/central.key
}
use-lzo-compression
}
vti vti1 {
}
}
protocols {
bgp 65513 {
neighbor 10.0.0.4 {
address-family {
ipv4-unicast {
soft-reconfiguration {
inbound
}
}
}
remote-as 65510
timers {
holdtime 30
keepalive 10
}
}
}
static {
route 0.0.0.0/0 {
next-hop 66.45.x.y {
}
}
}
}
service {
ssh {
listen-address 0.0.0.0
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 9600
}
}
host-name gn-is
login {
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
ntp {
server 0.pool-ntp-org {
}
server 1.pool.ntp-org {
}
server 2.pool.ntp-org {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
vpn {
ipsec {
esp-group adv-esp {
compression disable
lifetime 1800
mode tunnel
pfs enable
proposal 1 {
encryption aes256
hash sha256
}
}
esp-group azu-esp {
compression disable
lifetime 3600
mode tunnel
pfs dh-group2
proposal 1 {
encryption aes256
hash sha1
}
}
ike-group adv-ike {
close-action none
ikev2-reauth no
key-exchange ikev1
lifetime 3600
proposal 1 {
dh-group 2
encryption aes256
hash sha256
}
}
ike-group azu-ike {
close-action none
ikev2-reauth yes
key-exchange ikev2
lifetime 28800
proposal 1 {
dh-group 2
encryption aes256
hash sha256
}
}
ipsec-interfaces {
interface eth0
}
site-to-site {
peer 13.92.129.156 {
authentication {
id 66.45.x.x
mode pre-shared-secret
pre-shared-secret ****************
remote-id 13.92.129.156
}
connection-type respond
description “AZURE PRIMARY TUNNEL”
ike-group azu-ike
ikev2-reauth inherit
local-address 66.45.x.x
vti {
bind vti1
esp-group azu-esp
}
}
peer 65.98.x.x {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
connection-type initiate
default-esp-group adv-esp
ike-group adv-ike
ikev2-reauth inherit
local-address 66.45.x.x
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
local {
prefix 192.168.26.0/24
}
remote {
prefix 192.168.5.0/24
}
}
}
}
}
}

I my client get an IP address in this case 192.168.4.2 and I can not ping 192.168.4.1.
Here is my routing table on the client after OVPN connect:
IPv4 Route Table

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.3.1 192.168.3.183 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.3.0 255.255.255.0 On-link 192.168.3.183 281
192.168.3.183 255.255.255.255 On-link 192.168.3.183 281
192.168.3.255 255.255.255.255 On-link 192.168.3.183 281
192.168.4.0 255.255.255.224 On-link 192.168.4.2 281
192.168.4.2 255.255.255.255 On-link 192.168.4.2 281
192.168.4.31 255.255.255.255 On-link 192.168.4.2 281
192.168.7.0 255.255.255.0 192.168.4.1 192.168.4.2 281
Thanks

Edit by tjh - removed Private Key

2

Have you set this on your client? If you don’t, bad things happen.

Also: I edited your post to remove your private key. I hope you don’t mind, it seems silly to share this publically. You have to also remember people can see your old edits, so you might want to rotate that.

3

I am using use-lzo-compression in server and client config and it makes no difference.

4

Where abouts in your configuration you’ve posted is 192.168.4.1? I don’t see it?