OpenVPN could connect but did not ping internal network

I’m setting up my internal infrastructure to use OpenVPN since I want to be able to do a lot of monitoring on the Notiffi system I’m working on and I didn’t want to use an SSH tunnel and I definitely did not want to be sending instrumentation data across the Internet without protection.  So I decided to use OpenVPN.

But I had a problem.  I was able to connect relatively easily but I could not ping the machines.  Routing seemed to be working properly

1
2

ip -s route get 192.168.1.1
192.168.1.1 via 192.168.1.5 dev tun0 src 192.168.1.6

and tcpdump was showing traffic over the main eth.

1
2
3
4

tcpdump -nnel -i eth0 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:26:18.860693 90:6e:bb:82:ec:38 > 00:18:4d:7b:a8:1f, ethertype IPv4 (0x0800), length 95: 69.164.199.69.43655 > 192.168.15.2.1194: UDP, length 53

But pings were not working.  Tried to figure this out for hours, but I just couldn’t find the solution.  Then as I was checking the errors logs (after reducing the log level to 1) and I saw this

1

Oct 18 16:14:58 localhost openvpn[29751]: 69.164.199.69:43648 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

That was on the server.  I checked the logs on the client and I saw

1

Oct 18 16:19:58 li114-69 openvpn[32078]: Bad LZO decompression header byte: 42

And it got me wondering if there was just a communication problem due to one side expecting compression and the other side not.  In other words, that it wasn’t negotiated.  I made the configuration change on BOTH ides this time, tried the ping again and it worked.

1
2
3

ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=0.208 ms

Nice.