Amahi Forums

I can't get my qwest DSL modem working with HDAConnect VPN, and I think I found the problem.

From the qwest PK5000 FAQ :

Which Virtual Private Networking (VPN) protocols are supported?
The Actiontec® PK5000 supports pass-through for IPSec, PPTP and L2TP.
http://www.qwest.com/internethelp/modem ... 0_FAQ.html


The openVPN documentation says:

OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP.
http://openvpn.net/index.php/component/ ... envpn.html

So I'm going to look into alternative VPN client options, and I'll post an update if I get it to work.

Other than VPN, the PK5000 modem is working fine in my setup, with DHCP disabled in the modem and running on my Amahi server.

Not really the reason.

You just have to forward port 1194 UDP to your HDA's IP.

A simple search reveals PK5000 FAQ and from that, this port forwarding for port 80 PDF.


So, all you need is starting port 1194, ending port 1194, prococol is udp and IP is the IP of your HDA. See page 3.

The VPN works just fine with my Qwest PK5000. They just make configuring it harder than older modems. Although I'm not very happy about the lack of multicast forwarding support (no Amahitunes!).

Not really the reason.

You just have to forward port 1194 UDP to your HDA's IP ...

So, all you need is starting port 1194, ending port 1194, prococol is udp and IP is the IP of your HDA. See page 3.

That's how I configured the modem, but here's what I get in HDAConnect when I try to connect from a remote site:

Fri Jul 16 16:04:10 2010 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Fri Jul 16 16:04:10 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 16 16:04:10 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 16 16:04:10 2010 LZO compression initialized
Fri Jul 16 16:04:10 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 16 16:04:11 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jul 16 16:04:11 2010 Local Options hash (VER=V4): '41690919'
Fri Jul 16 16:04:11 2010 Expected Remote Options hash (VER=V4): '530fdded'
Fri Jul 16 16:04:11 2010 Socket Buffers: R=[8192->8192] S=[64512->64512]
Fri Jul 16 16:04:11 2010 UDPv4 link local: [undef]
Fri Jul 16 16:04:11 2010 UDPv4 link remote: 174.xx.xxx.153:1194
Fri Jul 16 16:05:11 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 16 16:05:11 2010 TLS Error: TLS handshake failed
Fri Jul 16 16:05:11 2010 TCP/UDP: Closing socket
Fri Jul 16 16:05:11 2010 SIGUSR1[soft,tls-error] received, process restarting

and so on ...

The VPN connection test in the control panel shows the green light (Active!) - does that mean a test client got through to my server on port 1194 and received a response?

That's a very clear indication that there is some issue. If the Amahi.org VPN check shows active, then your home network seems properly forwarded.

The issue therefore is probably in your remote site. some places block pretty much everything not riding port 80.