OpenVPN from Windows 10 to NAS - can't access NAS using File Explorer

Currently reading
OpenVPN from Windows 10 to NAS - can't access NAS using File Explorer

323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
I am at my wit's end. This should be simple.
I am able to connect using OpenVPN to my NAS over the internet.
Once connected, I can ping the NAS and other local network resources (other Synology NAS units) using their LAN IP addresses.
I have no firewall running on any of the NAS's, or on the Windows 10 machine (temporarily, just to eliminate firewall issues from my problem).
I can log into DSM on the NAS's using their LAN addresses.
So the VPN itself seems to be working fine.
But what I can't do (and i *can* do it when the Windows 10 machine is on the LAN) is access any of the NAS units as network drives using Windows file explorer.
The NAS's do not show up as devices in the "Network," and I cannot reach them with \\10.86.173.??? , their LAN addresses. Even though I can ping them. And reach them through the browser.
The "workgroup" on the PC is "WORKGROUP," which matches the workgroup on the NAS's SMB service.
SMB on the NAs's is set to minimum SMB1, maximum SMB3.
The OpenVPN server on the NAS *does* have the "allow clients to access the server's LAN" box checked.

I would strongly prefer to get success at what I am doing (connect via VPN, then access local resources) rather than use, for example, WebDAV.

What might I be missing if everything works except for accessing the NAS as a network drive?
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Well, very in-depth explanation and a lot of troubleshooting steps already done.

Considering that the fw are down then we could eliminate them altogether.

1st I would test network visibility from the win10 machine towards the target nas (after active vpn connection is on) to see if you will get SMB response at all.

So give your win10 a test with a telnet command from the command line towards your nas.

telnet yourNasIp 445

See if you can connect or you get a time out.

Also, SMB version on the nas, set the min version to 2 not 1.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
After enabling Telnet in the NAS's control panel, I am able to make a telnet connection to the NAS as follows:

telnet
open 10.86.173.71 [this is the lan address of the NAS to which I'm connected via VPN]

This is using port 23 for telnet, the default. Using 445, there is a timeout. So there is connectivity, but not to SMB.

Have changed minimum SMB to 2; no change in behavior so far.
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
There is actually no need to activate telnet service on the nas unless you plan on using it. Telnet in this case is from a win10 machine. In any case, if there is no response then that might be a problem.

Test that same 445 traffic from a devic in the same lan as the nas just to be sure
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Unfortunately, I have no access to the LAN, except over the internet currently, and everything on the LAN is a Synology NAS.

I was under the impression that if Telnet service wasn't turned on in Control Panel/Terminal and SNMP, you couldn't telnet into the NAS.
 

fredbert

Moderator
NAS Support
Subscriber
1,623
674
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Rusty was using the telnet client as a way to test the response from NAS port 445. This is a tried and tested technique to test if there is a server application listening on a specific port, for example SMTP would be telnet <ip> 25. The listening server will respond with something. It's a bi-product of the telnet client, a bit like using a screwdriver handle as a hammer ... not the intended purpose but does a job anyway :)
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Got it. Bottom line: port 445 is not responding... or if it is, the response isn't getting through.
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Got it. Bottom line: port 445 is not responding... or if it is, the response isn't getting through.
Ok so that explains why there is nothing going on in that specific scenario. Considering what you wrote, smb should be working, but for some reason when you tunnel in, smb is going through.

Would try to reset smb service on the nas to start with just to be sure if there is nothing funny going on there.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Actually... it looks like 445 IS getting through. If i telnet to 445, I get a blank screen, which I originally interpreted as “nothing.” But if I try 446, I get a timeout, which is different. So I think 445 is working.., but I still can’t get to network resources thru windows file explorer or see network drives on the NASs. Does this provide any more clue?
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Actually... it looks like 445 IS getting through. If i telnet to 445, I get a blank screen, which I originally interpreted as “nothing.” But if I try 446, I get a timeout, which is different. So I think 445 is working.., but I still can’t get to network resources thru windows file explorer or see network drives on the NASs. Does this provide any more clue?
Ok great. So 445 is ok, and yes, blank screen means all is well :D, should have stated that.

What happens when you try and use Windows Explorer in order to access your NAS using \\yourNASIP\ do you get username/pass challenge or not? If so, them getting NAS to show up in the network section might have something to do with MasterBrowser option in SMB service section on the NAS itself.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
When I use \\10.86.173.71\ , or any of the numeric LAN addresses of any of my NASs, I get absolutely nothing. Eventually Windows 10 pops up with the "Diagnose" box that suggests I use Network Troubleshooter to figure out why I can't reach the destination. Network Troubleshooter finds nothing.

I am getting exactly the same results when I use Synology's own SSL VPN to log into the router. I can ping local assets, but not reach them through Windows networking. So I am suspecting a Windows configuration issue, rather than a NAS or VPN issue.
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Do you have a firewall on the nas side active? If so, have you added your VPN network subnet and allowed it access to your lan?
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
There's no firewall active on the NAS itself.
The router has a firewall, and even when I turn that firewall off completely, I can't access the LAN while connected to the VPN on the NAS.
 

fredbert

Moderator
NAS Support
Subscriber
1,623
674
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
You list SRM devices, can you try using VPN Plus instead?
 
22
9
NAS
RS3618xs, RS1219+, DS1019+, DS1813+, DS118.
When you are connected via the VPN is your Windows 10 network profile Public or Private?
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
%^*&@$*&^ WINDOWS!!!!!
Unchecking "File and Printer Sharing for Microsoft Windows" and then checking it again solved the problem.
 

fredbert

Moderator
NAS Support
Subscriber
1,623
674
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Obviously! Well done.
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
%^*&@$*&^ WINDOWS!!!!!
Unchecking "File and Printer Sharing for Microsoft Windows" and then checking it again solved the problem.
Ahh what to say... windows
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top