Synology Inc. Online Community Forum

[julian33]

Updated from previous 3.x

I had a vpn configured.(pptp). It does not work anymore.

I have now (apparently) a vpn package, which still shows my vpn configuration intact. Accessing from the black square in the top left hand corner.

There is as well, via control panel, an access to vpn server which does not have nay connection configured.


Which one is the right one ??

After update, DSM asked me to upgrade the VPN package.


Before I start touching..... any advice ??

Thanks.

JCG

[TommyN]

The one in Control Panel is a VPN client.
The package is the server.

What do you mean by it's not working anymore?
Can't connect? Won't run? Something else?

[julian33]

can't connect.

I can start and stop the server. But I can' connect.

My android phone now says, "server hung up"

I saw in the forums that it may be a problem with the update. I am removing the package and reinstalling.

Will keep you posted of progress.

JCG

[julian33]

yep, removed package, reinstalled and reconfigured again.... back on line.

JCG

[TommyN]

Good you got it working again.
Some weird things happen with the updates..

[julian33]

Unfortunately, no, the problem is not solved.

There seem to be a mix of problems which makes it difficult to track down.

my pptp connection is back yes, but still no connectivity from mobile devices (android).

However, if I connect with my laptop via external connection (wireless broadband) and pptp, the laptot will be able to login into DSM.

I have an internal 192.168.x.x lan and a 10.8.2.0 VPN lan. I am no longer able to connect ( with the laptop) to the DSM if I use 192.168.x.x. ( which I was used to be able to do). If I use the 10.8.2.0 address, DSMwill come up in the browser.


Using OpenVPN is just a fiasco. My OpenVpnClient has stopped working and I am clueless how to fix it. I already deinstalled and installed again.

If I run the client from the administrator of windowsXP, it does connect, but the connection is not working well. It suddenly starts sending a flood of packets until I have to kill the connection.

This is what is left in the logs

Mon Apr 30 13:06:32 2012 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Mon Apr 30 13:06:32 2012 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Apr 30 13:06:39 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 30 13:06:39 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 30 13:06:39 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Apr 30 13:06:39 2012 LZO compression initialized
Mon Apr 30 13:06:39 2012 UDPv4 link local (bound): [undef]:1194
Mon Apr 30 13:06:39 2012 UDPv4 link remote: 192.168.1.153:1194
Mon Apr 30 13:06:39 2012 [Snake_Oil_CA] Peer Connection Initiated with 192.168.1.153:1194
Mon Apr 30 13:06:41 2012 TAP-WIN32 device [Local Area Connection 8] opened: \\.\Global\{556A9BCB-78FF-44D7-866B-5BB1D7E9A94D}.tap
Mon Apr 30 13:06:41 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.2.6/255.255.255.252 on interface {556A9BCB-78FF-44D7-866B-5BB1D7E9A94D} [DHCP-serv: 10.8.2.5, lease-time: 31536000]
Mon Apr 30 13:06:41 2012 Successful ARP Flush on interface [4] {556A9BCB-78FF-44D7-866B-5BB1D7E9A94D}
Mon Apr 30 13:06:46 2012 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Mon Apr 30 13:06:46 2012 Initialization Sequence Completed
Mon Apr 30 13:07:01 2012 SIGTERM[soft,management-exit] received, process exiting
[/color]

in /var/messages

Apr 30 12:42:24 openvpn[589]: 192.168.1.243:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 30 12:42:24 openvpn[589]: 192.168.1.243:1194 TLS Error: TLS handshake failed
Apr 30 12:55:08 openvpn[589]: event_wait : Interrupted system call (code=4)
Apr 30 12:55:13 openvpn[1247]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16
Apr 30 12:55:13 openvpn[1247]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create rout
Apr 30 12:55:13 openvpn[1247]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 30 12:55:13 openvpn[1247]: WARNING: file '/var/packages/VPNCenter/target/etc/openvpn/keys/server.key' is group or others accessible
Apr 30 12:55:13 openvpn[1247]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Apr 30 13:06:40 openvpn[5653]: Libgcrypt warning: missing initialization - please fix the application


Alternatively if I run the VPNclient as a normal user in windows, it dies inmediatly and here is the log of the openvpnclient.


Mon Apr 30 13:06:10 2012 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Options error: On Windows, --ifconfig is required when --dev tun is used
Use --help for more information.


I am pretty lost by now. It used to work seamesly. But now even the client is failing.

Cheers.

JCG

[julian33]

some progress with PPtP

I can open a ssh session with connectbot from my android phone into the NAS.

Still no way to browse using dsm mobile or any of the other apps....

I am using two android phones with different version so of the OS.

Same result.

JCG

[julian33]

now there is all this in my /var/messages


Apr 30 14:29:44 pppd[4980]: Cannot determine ethernet address for proxy ARP
Apr 30 14:30:32 pppd[4980]: Protocol-Reject for unsupported protocol 0xab
Apr 30 14:30:32 pppd[4980]: Protocol-Reject for unsupported protocol 0xd9
Apr 30 14:30:33 pppd[4980]: Protocol-Reject for unsupported protocol 0xfa82
Apr 30 14:30:35 pppd[4980]: Protocol-Reject for unsupported protocol 'Cisco Systems' (0x41)
Apr 30 14:30:37 pppd[4980]: Protocol-Reject for unsupported protocol 0xb9
Apr 30 14:30:40 pppd[4980]: Protocol-Reject for unsupported protocol 0xfadc
Apr 30 14:30:49 pppd[4980]: Protocol-Reject for unsupported protocol 0xaac2
Apr 30 14:31:08 pppd[4980]: Protocol-Reject for unsupported protocol 0x87
Apr 30 14:31:16 pppd[4980]: Protocol-Reject for unsupported protocol 0x37
Apr 30 14:31:18 pppd[4980]: Protocol-Reject for unsupported protocol 0xfadb
Apr 30 14:31:19 pppd[4980]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)




with similar blocks repeated endlessly until I close all PPtP connectinos. At which point, /var/log/messages stops growing with this messages.

Very confusing.

JCG

[julian33]

solution for the OpenVpn problems.

First add the line "client" to your windows openpvn configuration file. It will not die to start, which is a good thing.

Then make sure that you have your protocols aligned. I had TCP on router and UDP on Openvpon files....took me half a day to figure out.

Now I can connect via OPenVPN from win7 and WINXP.

I can connect via PPTP from winxp and android. Not from Win7

I can connect from android, however, none of synology apps would work. I can ssh from the android phones into the NAS so I guess connectivity wise I am fine.

JCG

[julian33]

I nailed down the issue in WIn7 to non implementation of the GRE protocol in my router.

I assumed that if WinXp would work... WIn7 shoudl work. Apparently is not he case.

I have no idea how to activate the gre protocol in my virtual servers section. My router does not have any specific identification for vpn.

Comtrend 5387un

this is really weird.

JCG