
Untitled

a guest
Mar 28th, 2015
VPN Connection issue. Server is running Squid3 transparent.

----------------------------------------
Interface config

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
dns-nameserver 8.8.8.8

auto eth1
iface eth1 inet manual
up ip link set $IFACE up promisc on

auto br0
iface br0 inet static
address 192.168.2.1
netmask 255.255.255.0
bridge_ports eth1

--------------------------------------
Server Conf

port 1194
proto udp
dev tap
up "/etc/openvpn/up.sh br0 eth1"
ca ****
cert ****
key ****
dh ****
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.1 255.255.255.0 192.168.2.100 192.168.2.101
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

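-------------------------------------
up.sh

#!/bin/sh

# Arguments: bridge and Ethernet device come from the 'up' directive;
# OpenVPN appends the tap device name as the next argument.
BR=$1
ETHDEV=$2
TAPDEV=$3

# Bring the tap device up and attach it to the bridge.
/sbin/ip link set "$TAPDEV" up
/sbin/ip link set "$ETHDEV" promisc on
/sbin/brctl addif "$BR" "$TAPDEV"
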
---------------------------------------
Client Config on Windows
client
remote 70.179.xxx.xxx
port 1194
proto udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 86400
# auth-user-pass
# auth-retry interact
comp-lzo yes
verb 3
ca ****.crt
cert ****.crt
key ****
# management 127.0.0.1 1194
# management-hold
# management-query-passwords
auth-retry interact
; Set the name of the Windows TAP network interface device here
dev-node MyTAP

---------------------------------------
syslog of vpn connection

Mar 28 00:24:49 SquidTrans ovpn-server[21347]: client1/50.201.xxs.xxs:1194 TLS: new session incoming connection from [AF_INET]50.201.xxx.xxx:1194
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 VERIFY OK: depth=1, C=US, ST=XX, L=XX, O=MyVPN, OU=MyVPN, CN=MyVPN CA, name=MyVPN, [email protected]
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 VERIFY OK: depth=0, C=US, ST=XX, L=XX, O=MyVPN, OU=MyVPN, CN=client1, name=MyVPN, [email protected]
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 28 00:24:53 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 PUSH: Received control message: 'PUSH_REQUEST'
Mar 28 00:24:53 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 send_push_reply(): safe_cap=940
Mar 28 00:24:53 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.2.1,ping 10,ping-restart 120,ifconfig 192.168.2.100 255.255.255.0' (status=1)

----------------------------------------------
Final message on OpenVPN connection from Windows machine.

There is a problem in your selection of --ifconfig endpoints [local=192.168.2.100, remote=255.255.255.0]. The local and remote VPN enpoints must exist within the same 255.255.255.252 subnet. This is a limitation of -dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.
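
Added example, not part of the original paste: a Python parser that pulls OpenVPN's "used inconsistently" warnings out of a server syslog and lists the peers whose dev-type disagrees with the server, which is the mismatch logged above just before the client's --ifconfig error. The function names are hypothetical; the sample input reuses three warning lines and one unrelated line from the paste.

```python
import re

# Sample input: three WARNING lines and one unrelated line, copied from the
# syslog in the paste above (addresses already redacted by the poster).
_P = "Mar 28 00:24:50 SquidTrans ovpn-server[21347]: client1/50.201.xxx.xxx:1194 "
SAMPLE_LOG = "\n".join(_P + msg for msg in (
    "WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'",
    "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'",
    "WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'",
    "Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key",
))

# The peer label is the token just before "WARNING:"; local is this server's
# setting and remote is what the connecting client announced.
WARN_RE = re.compile(
    r"(?P<peer>\S+) WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)


def _value(opt, text):
    """Strip the repeated option name: 'dev-type tap' -> 'tap'."""
    return text[len(opt):].strip() if text.startswith(opt) else text.strip()


def option_mismatches(log_text):
    """Return {peer: {option: (server_value, client_value)}}."""
    found = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            opt = m.group("opt")
            found.setdefault(m.group("peer"), {})[opt] = (
                _value(opt, m.group("local")), _value(opt, m.group("remote")))
    return found


def dev_type_conflicts(mismatches):
    """Peers whose tunnel device type (tap vs tun) differs from the server's."""
    return sorted(p for p, opts in mismatches.items() if "dev-type" in opts)


if __name__ == "__main__":
    result = option_mismatches(SAMPLE_LOG)
    for peer in dev_type_conflicts(result):
        server, client = result[peer]["dev-type"]
        print(f"{peer}: server dev-type={server}, client dev-type={client}")
```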