From: <sk...@li...> - 2007-09-08 19:04:34
Hi there. I have the following bridge configuration:

debian linux box. openvpn server
192.168.37.170/24 - A, internal network
x.x.x.x - A, internet network
|
|
Adsl modem. with NAT
|
client. debian linuxbox

After the connection is successfully initiated, I cannot ping from the client either A or network 37.0/24, and vice versa. Both hosts return destination host unreachable.

The client got the address 192.168.37.252 but can't obtain the MAC address for the server; arp -a shows a record 192.168.37.170 (incomplete) tap0. Server A has the same incomplete record for the client address. The ARP request from the client is transferred to tap0, but it looks like the packet never reaches the server. The server's tap0 interface has some broadcast traffic that never reaches the client (tcpdump captures nothing). During the ARP request, debug shows lines like WrWrWr (lower case 'r').

Keepalive packets run normally (they look like WRWRWR chars in debug), and a routed tunnel (same servers, routed tunnel setup) works fine. Both hosts have empty iptables with accept as the default policy.

config for server:
-------------------
port 1194
proto tcp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge 192.168.37.170 255.255.255.0 192.168.37.252 192.168.37.253
ifconfig-pool-persist ipp.txt
push "route 192.168.37.0 255.255.255.0"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
---------------
client config
---------------
client
dev tap
proto tcp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cobalt.crt
key /etc/openvpn/keys/cobalt.key
verb 5
-------------
route table for client:
-------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.37.0    192.168.37.170  255.255.255.0   UG        0 0          0 tap0
192.168.37.0    0.0.0.0         255.255.255.0   U         0 0          0 tap0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
---------------------

Finally, I tried changing the server from debian to suse, removing server-bridge and adding a 'config' directive, and changing the client to winxp - all with the same result. It all looks like I made a fundamental error on the server side, but I can't determine where it is. Please help, I'm about to go mad.