OpenVPN from Windows 10 to NAS - can't access NAS using File Explorer

Currently reading
OpenVPN from Windows 10 to NAS - can't access NAS using File Explorer

507
189
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS212, RS816, RS819, DS223, DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
I am at my wit's end. This should be simple.
I am able to connect using OpenVPN to my NAS over the internet.
Once connected, I can ping the NAS and other local network resources (other Synology NAS units) using their LAN IP addresses.
I have no firewall running on any of the NAS's, or on the Windows 10 machine (temporarily, just to eliminate firewall issues from my problem).
I can log into DSM on the NAS's using their LAN addresses.
So the VPN itself seems to be working fine.
But what I can't do (and i *can* do it when the Windows 10 machine is on the LAN) is access any of the NAS units as network drives using Windows file explorer.
The NAS's do not show up as devices in the "Network," and I cannot reach them with \\10.86.173.??? , their LAN addresses. Even though I can ping them. And reach them through the browser.
The "workgroup" on the PC is "WORKGROUP," which matches the workgroup on the NAS's SMB service.
SMB on the NAs's is set to minimum SMB1, maximum SMB3.
The OpenVPN server on the NAS *does* have the "allow clients to access the server's LAN" box checked.

I would strongly prefer to get success at what I am doing (connect via VPN, then access local resources) rather than use, for example, WebDAV.

What might I be missing if everything works except for accessing the NAS as a network drive?
 
Well, very in-depth explanation and a lot of troubleshooting steps already done.

Considering that the fw are down then we could eliminate them altogether.

1st I would test network visibility from the win10 machine towards the target nas (after active vpn connection is on) to see if you will get SMB response at all.

So give your win10 a test with a telnet command from the command line towards your nas.

telnet yourNasIp 445

See if you can connect or you get a time out.

Also, SMB version on the nas, set the min version to 2 not 1.
 
After enabling Telnet in the NAS's control panel, I am able to make a telnet connection to the NAS as follows:

telnet
open 10.86.173.71 [this is the lan address of the NAS to which I'm connected via VPN]

This is using port 23 for telnet, the default. Using 445, there is a timeout. So there is connectivity, but not to SMB.

Have changed minimum SMB to 2; no change in behavior so far.
 
There is actually no need to activate telnet service on the nas unless you plan on using it. Telnet in this case is from a win10 machine. In any case, if there is no response then that might be a problem.

Test that same 445 traffic from a devic in the same lan as the nas just to be sure
 
Unfortunately, I have no access to the LAN, except over the internet currently, and everything on the LAN is a Synology NAS.

I was under the impression that if Telnet service wasn't turned on in Control Panel/Terminal and SNMP, you couldn't telnet into the NAS.
 
Rusty was using the telnet client as a way to test the response from NAS port 445. This is a tried and tested technique to test if there is a server application listening on a specific port, for example SMTP would be telnet <ip> 25. The listening server will respond with something. It's a bi-product of the telnet client, a bit like using a screwdriver handle as a hammer ... not the intended purpose but does a job anyway :)
 
Got it. Bottom line: port 445 is not responding... or if it is, the response isn't getting through.
Ok so that explains why there is nothing going on in that specific scenario. Considering what you wrote, smb should be working, but for some reason when you tunnel in, smb is going through.

Would try to reset smb service on the nas to start with just to be sure if there is nothing funny going on there.
 
Actually... it looks like 445 IS getting through. If i telnet to 445, I get a blank screen, which I originally interpreted as “nothing.” But if I try 446, I get a timeout, which is different. So I think 445 is working.., but I still can’t get to network resources thru windows file explorer or see network drives on the NASs. Does this provide any more clue?
 
Actually... it looks like 445 IS getting through. If i telnet to 445, I get a blank screen, which I originally interpreted as “nothing.” But if I try 446, I get a timeout, which is different. So I think 445 is working.., but I still can’t get to network resources thru windows file explorer or see network drives on the NASs. Does this provide any more clue?
Ok great. So 445 is ok, and yes, blank screen means all is well :D, should have stated that.

What happens when you try and use Windows Explorer in order to access your NAS using \\yourNASIP\ do you get username/pass challenge or not? If so, them getting NAS to show up in the network section might have something to do with MasterBrowser option in SMB service section on the NAS itself.
 
When I use \\10.86.173.71\ , or any of the numeric LAN addresses of any of my NASs, I get absolutely nothing. Eventually Windows 10 pops up with the "Diagnose" box that suggests I use Network Troubleshooter to figure out why I can't reach the destination. Network Troubleshooter finds nothing.

I am getting exactly the same results when I use Synology's own SSL VPN to log into the router. I can ping local assets, but not reach them through Windows networking. So I am suspecting a Windows configuration issue, rather than a NAS or VPN issue.
 
There's no firewall active on the NAS itself.
The router has a firewall, and even when I turn that firewall off completely, I can't access the LAN while connected to the VPN on the NAS.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Everything else that I have asked you. This could be a cap at work. Maybe network team is controlling...
Replies
4
Views
968
My apologies to all. Recently had to rebuild my PC and reset my phone. Just deleted everything from...
Replies
10
Views
1,042
I have WireGuard running on my router and can access my local LAN and Synology from outside and browse the...
Replies
0
Views
810
  • Question
An update for the next victim after finally getting RT6600ax OpenVPN client to establish a tunnel to a...
Replies
1
Views
836
Oh I see it now. Sorry again I'm new here.
Replies
3
Views
983
Have you made sure that the Synology firewall has a rule to allow the IP range of the VPN through? ie...
Replies
20
Views
4,921
If I use ssh or webdav I connect directly to the IP address that OpenVPN provides. As for Plex, I just...
Replies
2
Views
2,228

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top