unable to access shares via VPN

[djchamkila]

Hello I am not able to access anything on HDA when on VPN. I know my VPN is working because I can access my router settings on 192.169.1.1

[bigfoot65]

Recommend you try the VPN troubleshooting guide in the wiki. You might consider trying some of the other ones as well to make sure all is working correctly.

http://wiki.amahi.org/index.php/VPN_troubleshooting

[djchamkila]

Fact that I am able to access my Router settings when I VPN is confusing me.

Below is my log file if this will help.


Tue Dec 27 21:48:36 2011 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Tue Dec 27 21:48:36 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Dec 27 21:48:36 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Dec 27 21:48:37 2011 LZO compression initialized
Tue Dec 27 21:48:37 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 27 21:48:37 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 27 21:48:37 2011 Local Options hash (VER=V4): '41690919'
Tue Dec 27 21:48:37 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Dec 27 21:48:37 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 27 21:48:37 2011 UDPv4 link local: [undef]
Tue Dec 27 21:48:37 2011 UDPv4 link remote: **.***.***.**:1194
Tue Dec 27 21:48:37 2011 TLS: Initial packet from **.***.***.**:1194, sid=3745c066 bffff862
Tue Dec 27 21:48:37 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 27 21:48:37 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com
Tue Dec 27 21:48:37 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Tue Dec 27 21:48:37 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 27 21:48:37 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 27 21:48:37 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 27 21:48:37 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 27 21:48:37 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 27 21:48:37 2011 [server] Peer Connection Initiated with **.***.***.**:1194
Tue Dec 27 21:48:39 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Dec 27 21:48:39 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.10,dhcp-option DOMAIN *******.com,route 10.8.0.1,topology net30,ping 10,ping-restart 220,ifconfig 10.8.0.6 10.8.0.5'
Tue Dec 27 21:48:39 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 27 21:48:39 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 27 21:48:39 2011 OPTIONS IMPORT: route options modified
Tue Dec 27 21:48:39 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Dec 27 21:48:39 2011 ROUTE default_gateway=192.168.0.1
Tue Dec 27 21:48:39 2011 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{86CDD026-0D6D-4BBA-9C1A-D884DC77FD32}.tap
Tue Dec 27 21:48:39 2011 TAP-Win32 Driver Version 9.4
Tue Dec 27 21:48:39 2011 TAP-Win32 MTU=1500
Tue Dec 27 21:48:39 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {86CDD026-0D6D-4BBA-9C1A-D***********} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Dec 27 21:48:39 2011 Successful ARP Flush on interface [45] {8*******-0D6D-4BBA-9C1A-D***********}
Tue Dec 27 21:48:41 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue Dec 27 21:48:41 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Tue Dec 27 21:48:41 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Dec 27 21:48:41 2011 Initialization Sequence Completed

[bigfoot65]

Ok, did you try the troubleshooters? Also I presume you forwarded port 1194 UDP and not TCP on your router.

I do not see much in the log that helps me give you a direction.

[djchamkila]

I just switched from 1194/udp to 1194/tcp and now I can't even make connection so I might have to stick with UDP. But can't change it until I get home since I am not able to access my router settings anymore.

Question about DHCP. I have DHCP server on in my router and not in Amahi. But VPN should still work right ?

[bigfoot65]

Sorry, did not mean for you to switch from UDP to TCP. Just wanted to ensure you were using UDP.

As for DHCP, yes it will work with router and not HDA. However, ensure your DNS server is pointed to HDA. It has to be the sole DNS server for everything to work correctly.

Also, you may find that you need to access shares differently other than \\hda depending on the clients. You might have to use IP address or the FQDN for your server. The shares troubleshooter in the wiki explains it more in detail.

BTW, you have still not answered if you have tried the troubleshooters in the wiki. You can find a lot of assistance there for many things.

[djchamkila]

oh I am sorry yes I tried troubleshooter from wiki, I guess only thing from Troubleshooter I tried was switching from UDP to TCP. I didn't try changing port to 443, simply because I was able to access my router settings so I thought Port was forwarding correctly. And last thing there was to troubleshoot TLS Handshake failure but I assumed if I got into my router I handshaked.

but I think I might not have DNS correctly setup. I will look at it tonight when I get home and will report back.

Thanks for your help and time

[djchamkila]

I guess I am not sure where I need to point DNS server to my amahi HDA... in Router settings or somewhere else ?

[bigfoot65]

Possibly. Many routers have a setting for DNS server. You would probably have less problems if you used the HDA for DHCP and DNS versus the router.

[djchamkila]

ok I am going to turn on the DHCP on Amahi and give it a shot. I will report back.