Cannot get OpenVPN working

[luco]

I have tried for several hours over a few days and I'm getting nowhere, so turning here for help.

I'm running Amahi 8 and I'm trying to finally enable external access to my HDA. I wanted to setup and test OpenVPN on my Android phone since that's the easiest way to ensure I'm on an external network that's not using the 192.168.x.x addressing on the client.
My Android phone is running 6.0 and is not rooted.

Here's what I've done so far and my results:
1. I have installed OpenVPN using the app from the site.
2. Went to my Control Panel to test VPN. Test was successful.
3. Installed OpenVPN for Android from the Play Store.
4. Followed the OpenVPN for Android wiki to configure the OpenVPN client on my phone.
5. I could not connect, so I followed the OpenVPN Troubleshooting guide. From that, I found that my ISP Bell is likely blocking 1194 UDP port forwarding. So, I switched to 1194 TCP using the steps in the guide. Restarted openvpn service on amahi and restarted my client on the phone. Tried connecting, but couldn't.
6. I noticed the TLS handshake error in my client's log, so I followed the steps in this guideto fix that.
7. Tried connecting again... nope! Tried the VPN Tester on the Contorl Panel and that's now reporting that VPN is Inactive. I'm getting these errors in my OpenVPN client on Android:
12:43PM TCP/UDP: Preserving recently used remote address: [AF_INET]142.x.x.x:1194
12:43PM Attempting to establish TCP connection with [AF_INET]142.x.x.x:1194 [nonblock]
12:43PM TCP connection established with [AF_INET]142.x.x.x:1194
12:43PM TCP_CLIENT link local: (notbound)
12:43PM TCP_CLIENT link remote: [AF_INET]142.x.x.x:1194
12:43PM Connection reset, restarting [0]
12:43PM SIGUSR1[soft,connection-reset] received, process restarting
8. Not understanding the above error, I went to check the amahi.conf file on my HDA. In it, I spotted that the entries for the push route etc. seemed incorrect and the DNS IP was incorrect as well. It was from my original configuration and since then I switched ISPs and their router uses a different gateway. So, I updated the IPs in the config file. But why did my OpenVPN Tester from my control panel work before I switched the protocol to TCP even with these IP addresses? Should I have left them alone?
9. Still cannot connect. OpenVPN Tester reports "Inactive ...enable it." However, running status command on my HDA shows that OpenVPN is active and running.

I'm at a complete loss as to what to try next and now I have heavily configured the files on both server and client sides following the above tutorials. Please help!

Thank you.

[luco]

I'm not sure if this is related, but I'll add this here. I tried to use HDAConnect to connect to my HDA from a Windows PC on external network and that failed. Here's the log from HDAConnect:

Mon Dec 12 12:20:27 2016 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Mon Dec 12 12:20:27 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 12 12:20:27 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 12 12:20:28 2016 LZO compression initialized
Mon Dec 12 12:20:28 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 12 12:20:28 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 12 12:20:28 2016 Local Options hash (VER=V4): '41690919'
Mon Dec 12 12:20:28 2016 Expected Remote Options hash (VER=V4): '530fdded'
Mon Dec 12 12:20:28 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Dec 12 12:20:28 2016 UDPv4 link local: [undef]
Mon Dec 12 12:20:28 2016 UDPv4 link remote: 142.x.x.x:1194

Now, I have also noticed that my Network, HDA IP Address, Network Gateway information is wrong in the Control Panel on amahi.org. Also, I cannot access my xxxx.yourhda.com website. It just times out.
Does this mean my dynamic DNS is not working properly and the VPN requests are not being redirected to my HDA inside my network?
How can I fix the info in the control panel?
My HDA is my DHCP and DNS server on my home network.

Thanks!

[bigfoot65]

Now, I have also noticed that my Network, HDA IP Address, Network Gateway information is wrong in the Control Panel on amahi.org. Also, I cannot access my xxxx.yourhda.com website. It just times out.
Does this mean my dynamic DNS is not working properly and the VPN requests are not being redirected to my HDA inside my network?

This is likely your problem.

There are only two options to correct this:
1. Start over and ensure the HDA profile reflects the IP address you use on the HDA.

2. Change the IP Address on the HDA to match the HDA profile. Not sure how it would not match unless you did something manually.

Did you enter the correct information when creating the HDA profile? You would not need to assign a static IP address as the HDA should get that automatically upon completion of the Amahi installation.

[luco]

Now, I have also noticed that my Network, HDA IP Address, Network Gateway information is wrong in the Control Panel on amahi.org. Also, I cannot access my xxxx.yourhda.com website. It just times out.
Does this mean my dynamic DNS is not working properly and the VPN requests are not being redirected to my HDA inside my network?

This is likely your problem.

There are only two options to correct this:
1. Start over and ensure the HDA profile reflects the IP address you use on the HDA.

2. Change the IP Address on the HDA to match the HDA profile. Not sure how it would not match unless you did something manually.

Did you enter the correct information when creating the HDA profile? You would not need to assign a static IP address as the HDA should get that automatically upon completion of the Amahi installation.

I initially had 192.168.0.x addressing on my network, but switched ISPs and the new router had a different gateway (192.168.2.x), so I switched gateways using this wiki tutorial.
I can see in my dashboard under settings that the gateway info is correct. It must be since I'm successfully using HDA on my network and it's my DHCP and DNS server.

So, are you saying that the wiki steps are incorrect and changing gateway (and subsequent internal addressing) cannot be done once the initial installation is completed? Is there anyway to change the HDA profile on amahi.org?
Now, I do want to upgrade to Amahi 9 at some point, but I really hope I don't have to rebuild my whole server right now as I would want to setup external VPN access tomorrow at the latest.

Thanks you

[bigfoot65]

initially had 192.168.0.x addressing on my network, but switched ISPs and the new router had a different gateway (192.168.2.x), so I switched gateways.

Does your router have the capability to change from 2.x to 0.x? Mine does, so that's why I ask.

What version of Amahi are you using? Could you provide the URL fro the following:

Code: Select all

apaste --sysinfo

[luco]

initially had 192.168.0.x addressing on my network, but switched ISPs and the new router had a different gateway (192.168.2.x), so I switched gateways.

Does your router have the capability to change from 2.x to 0.x? Mine does, so that's why I ask.

What version of Amahi are you using? Could you provide the URL fro the following:

Code: Select all

apaste --sysinfo

I'm running Amahi 8.
Yes, I believe I can change the router's default IP/gateway. I'm half tempted to just upgrade to Amahi 9 and start over since I want ZoneMinder and it's only available on 9. But I'm not sure how difficult it would be. I don't have any custom apps etc. Just would hate to have to rebuild my drives. I guess I can't just do a fresh install on my OS partition and expect the shares to just work after new OS install. That's off topic though.

Anyways, here's my sysinfo.

[luco]

Side question: if I want to do a clean install of Amahi 9, do I still have to use the same info shown in my current control panel? That is, the same installation code plus the same network setup info such as my IP address etc.? I ask because this means that I really need to switch my router to match the control panel anyways even if I want to start from scratch, correct? The only other option for a fresh install is to get a brand new HDA profile, correct?

If I have to do this anyway and then try to retrace all the changes I made to my network settings (like changing the amahi.conf file IP info etc.) I might as well start clean and not worry about forgetting something.

[bigfoot65]

if I want to do a clean install of Amahi 9, do I still have to use the same info shown in my current control panel? That is, the same installation code plus the same network setup info such as my IP address etc.? I ask because this means that I really need to switch my router to match the control panel anyways even if I want to start from scratch, correct? The only other option for a fresh install is to get a brand new HDA profile, correct?

It is recommended if you do a new install to remove the old HDA profile and create a new one. Doing so when then ensure you can set the gateway and IP address to match.

[luco]

if I want to do a clean install of Amahi 9, do I still have to use the same info shown in my current control panel? That is, the same installation code plus the same network setup info such as my IP address etc.? I ask because this means that I really need to switch my router to match the control panel anyways even if I want to start from scratch, correct? The only other option for a fresh install is to get a brand new HDA profile, correct?

It is recommended if you do a new install to remove the old HDA profile and create a new one. Doing so when then ensure you can set the gateway and IP address to match.

Thank you.
So, I need to shutdown HDA, then wait a few minutes and go to the Control Panel and when I see "X", I can remove it, correct?
I can then start building a new HDA with the same name?

I know I'm going way off topic here, but I'm leaning heavily towards building a new Amahi 9 from scratch. Since I have Fedora/Amahi installed on one drive and I have two other drives with data, am I safe to assume that I can just install fresh Fedora 23/Amahi 9 on the OS drive and then follow the "Add Drives.." tutorial to re-mount and re-map the data on the other two drives? I'm not too well versed in Linux and I've read that partitions have to be properly unmounted etc. before the data can be read on another PC. I have read the whole HDA OS Migration wiki, but I don't want to copy my settings over to the new install since I have apparently messed some up above trying to get my OpenVPN running. Or should I be safe if I do the following?
1. Change my router's gateway to 192.168.0.x to match my HDA profile.
2. Change my gateway settings in HDA and confirm I can access my shares and DHCP/DNS from Amahi is working for my home network clients.
3. Remove all apps from my Amahi 8 installation and reboot the server.
4. Follow the HDA OS Migration wiki to upgrade to Amahi 9.
5. Reinstall OpenVPN app and try to configure it using the wikis for it.
6. Try HDAConnect again.

Thanks again.

[bigfoot65]

Or should I be safe if I do the following?
1. Change my router's gateway to 192.168.0.x to match my HDA profile.
2. Change my gateway settings in HDA and confirm I can access my shares and DHCP/DNS from Amahi is working for my home network clients.
3. Remove all apps from my Amahi 8 installation and reboot the server.

I would try this route first before doing a new intall.

Then follow the http://docs.amahi.org guidance for Upgrading Amahi 8 to Amahi 9. It works fairly well and would save you time.

The HDA OS Migration Guide is more for those who cannot do an upgrade.