I cant reach my HDA from outside my network (VPN-trouble?)

[PeterD]

Hi, I have a green "A" in the statusbar (HDAConnect/WindowsXP at work), but how do I "use" the VPN-tunnel?

I have tried "\\hda" in the fileexplorer, username.yourhda.com and "dolietis.com" (i.e. my home.com) in the browser(chrome), but none works. Is there a problem that my username has some capital letters?

Tha Amahi control panel says that the VPN connection is active (port 1194/UDP is forwarded).

What I am missing? I still have the DHCP active in my modem/router.

This is the HDAConnect log (I dont know if this gives everone, but me, access to my HDA)
Mon Dec 12 11:28:00 2011 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Mon Dec 12 11:28:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 12 11:28:00 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 12 11:28:00 2011 LZO compression initialized
Mon Dec 12 11:28:00 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 12 11:28:00 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 12 11:28:00 2011 Local Options hash (VER=V4): '41690919'
Mon Dec 12 11:28:00 2011 Expected Remote Options hash (VER=V4): '530fdded'
Mon Dec 12 11:28:00 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 12 11:28:00 2011 UDPv4 link local: [undef]
Mon Dec 12 11:28:00 2011 UDPv4 link remote: 91.153.112.29:1194
Mon Dec 12 11:28:00 2011 TLS: Initial packet from 91.153.112.29:1194, sid=d8002b47 1786d6e2
Mon Dec 12 11:28:00 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 12 11:28:00 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com
Mon Dec 12 11:28:00 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Mon Dec 12 11:28:00 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 12 11:28:00 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 12 11:28:00 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 12 11:28:00 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 12 11:28:00 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 12 11:28:00 2011 [server] Peer Connection Initiated with 91.153.112.29:1194
Mon Dec 12 11:28:02 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 12 11:28:02 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.100.1 255.255.255.0,dhcp-option DNS 192.168.100.80,dhcp-option DOMAIN dolietis.com,route 10.8.0.1,topology net30,ping 10,ping-restart 220,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 12 11:28:02 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 12 11:28:02 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 12 11:28:02 2011 OPTIONS IMPORT: route options modified
Mon Dec 12 11:28:02 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 12 11:28:02 2011 ROUTE default_gateway=130.232.147.254
Mon Dec 12 11:28:02 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{06386483-C50F-42F2-B538-B80FB519561D}.tap
Mon Dec 12 11:28:02 2011 TAP-Win32 Driver Version 9.4
Mon Dec 12 11:28:02 2011 TAP-Win32 MTU=1500
Mon Dec 12 11:28:02 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {06386483-C50F-42F2-B538-B80FB519561D} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Dec 12 11:28:02 2011 Successful ARP Flush on interface [196610] {06386483-C50F-42F2-B538-B80FB519561D}
Mon Dec 12 11:28:04 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Mon Dec 12 11:28:04 2011 C:\WINDOWS\system32\route.exe ADD 192.168.100.1 MASK 255.255.255.0 10.8.0.5
Mon Dec 12 11:28:04 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Dec 12 11:28:04 2011 Initialization Sequence Completed


What should I do?
(I am a Linux rookie)

[bigfoot65]

Recommend you check the wiki.

http://wiki.amahi.org/index.php/VPN_troubleshooting

Also might consider this one as well to ensure all is well.

http://wiki.amahi.org/index.php/Network_troubleshooting

I presume you have port 1194 forwarded UDP on your router. If you are still using your router for DHCP, ensure the Amahi DHCP turned off. You cannot run both or there will be problems.

[PeterD]

Thank for the help. I have now used the Interactive Amahi Network Troubleshooter and it produced this result,
Using the Network Troubleshooter, I failed step 11 - Router is reachable from clients?. Here's a paste to help troubleshoot: http://pastebin.com/b1yhD06e

Help needed.
/Peter

[bigfoot65]

That might indicate your client machine is not getting it's DHCP lease from the HDA. Did you refresh it after installing Amahi.

I presume your settings for the router and HDA match what you entered in your HDA profile on amahi.org.

[PeterD]

Well, my local clients have no problem reaching and using the HDA. It's when I'm outside my net and wants to connect via VPN that I fail. It fails even though the control panel says VPN is active and HDAConnect says it is connected.

[bigfoot65]

Ok, have you forwarded port 1194 as UDP, not TCP? That is a key step for VPN.

[PeterD]

Yes, 1194 UDP. I guess that the Amahi control panel is checking that, and that one says I'm ok. Even HDAConnect says I'm connected, but I cant reach the HDA with \\hda in file explorer.

[bigfoot65]

The control panel at amahi.org is not always correct. Have you tried using the domain name when doing \\hda?

http://wiki.amahi.org/index.php/Shares_troubleshooting

Also, is it possible there is a firewall with the connection you are using that is preventing access?

[PeterD]

I have tried with the full domain name and no firewall, but still not able to reach my shares from outside my network. I have only tried from windows XP machines(from two different external networks).

[bigfoot65]

Have you looked at this in the wiki?

http://wiki.amahi.org/index.php/VPN_troubleshooting

Maybe look at some log files in /var/log such as boot or dmesg to see if they offer any clues.