Solved OpenVPN Server not working properly after DSM Update

Currently reading
Solved OpenVPN Server not working properly after DSM Update

242
63
Ok. Same device (mobile phone?), put it on airplane mode and enable WiFi.
This way we take the router out of the picture and we’re on the LAN.
Connect to the VPN service. Can you ping?

Okay, Yes still same device. So airplane on and WIFI enable a get connected to the VPN Server I see my device with the assigned IP, but when I ping 192.168.5.1 it is lost again no connection
 
242
63
I'm going try something else. I'm going to install OpenVPN-as in my docker and see if I can connect
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
Ok. Anyway, the test makes no sense in the context of a VPN connection since traffic is tunneled anyway. But we’re throwing things at the wall now :)

Can you go to security and check if there’s anything under Account in the allow/block list.

You better make it work, I’m running out of ideas :)
 
242
63
A bit late to ask this, but I’m sure you’ve tried restarting the whole NAS right? :D

Yes, I've restarted the NAS;)
Also nothing in the allow/blocklist

We're definitely hitting a wall here:)
I'm going to try the openvpn-as docker version see how I goes
 
242
63
After the changes we tried, did you export the configuration to the client and tried, or did you try with the old configuration?

:unsure: I used the old config files, but I think It shouldn't make a difference..?
 
242
63
Not sure. maybe you can try exporting as a final check.

Okay,
So I have exported a new config file and tried that one...OMG Guess what I could ping the VPN IP 192.168.5.1
Then I tried to ping my NAS IP 192.168.178.110 that failed. So next I tried my VDSM IP 192.168.178.115 and I could ping that one as well.
Then I tried to connect with DS File app with my:
- sub.domainname.com (which failed)
- IP NAS 192.168.178.110 (failed)
- IP 192.168.5.1 (connected could login)

So I guess the new config file did the trick!
Now I have to figure out how to connect/login again with my domain, because that was how it was before
For now thanks for your help! :)
 
242
63
Everything is working again as it was before:love:

This is how I manage to login with my domain-name

I’ve been using the default DNS Server for years so the setup was relatively easy for me.
This can only be done if you already have the DNS Server running otherwise you need to setup DNS Server first.

A simple walk through


1. create a view call and it e.g. LAN
2. Limit source IP service with your NAS IP range (e.g. 192.168.1.0/255.255.255.0)
3. Tab Select Zone, select your Zone ID (the first master zone you already have)
4. Go back to Zone and create a new master zone for your domain, but this time with the IP range of the VPN e.g. (10.8.0.1)
5. Then go back to Views and create a second view e.g. VPN
6. Tab Select Zone, select your Zone ID (the second master zone you just created)
7. Limit source IP service with your NAS IP range (e.g. 10.8.0.1/255.255.255.0)
8. Next you need to add the IP of your VPN Server to the config file (see example)

Code:
dev tun
tls-client

<your_remote_server> 1194


# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DOMAIN example.com #<<<==== add here your domain
dhcp-option DNS 10.8.0.1      #<<<==== add here your vpnservers ip

pull

9. import the new config file to your clients and if al goes well you can now login with your domain-name instead of the IP address.

Hope this helps
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
Excellent. I’m glad all is back to the way you want it and thank you for sharing.
But any idea what went wrong in the first place?!

@JME81, take note of this. That’s why I said, there is a way with OpenVPN, although I’ve never tried it. You might want to consider the above.
 
242
63
Excellent. I’m glad all is back to the way you want it and thank you for sharing.
But any idea what went wrong in the first place?!

@JME81, take note of this. That’s why I said, there is a way with OpenVPN, although I’ve never tried it. You might want to consider the above.

First of all Thanks for helping! But no I cannot pinpoint what the problem was and what caused it.
But lesson learned write everything down when changing settings and then test everything again ;) :D
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
You’re welcome. I don’t think I’ve contributed anything useful :)

But now we know where to go when we have an OpenVPN problem, especially that you’ve everything written down now ;)

I will reference your domain configuration instructions in the OpenVPN resource by linking to your message above. I hope that’s ok.
 
242
63
You’re welcome. I don’t think I’ve contributed anything useful :)

But now we know where to go when we have an OpenVPN problem, especially that you’ve everything written down now ;)

I will reference your domain configuration instructions in the OpenVPN resource by linking to your message above. I hope that’s ok.
Sure no problem..
 
648
123
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
Are you guys sure you’ve added a rule in the DSM firewall that allows the vpn subnet to get to NAS?

My openvpn clients come in on the 10.x.x.x subnet, and then I added an 'Allow' firewall rule under vpn network connection for all ports/services to the NAS.

Capture.PNG
 
242
63
Are you guys sure you’ve added a rule in the DSM firewall that allows the vpn subnet to get to NAS?

My openvpn clients come in on the 10.x.x.x subnet, and then I added an 'Allow' firewall rule under vpn network connection for all ports/services to the NAS.

View attachment 706
Thanks m8 for your suggestions, but the problem was reported as solved already. Just forgot to mark it as solved ;)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

If I use ssh or webdav I connect directly to the IP address that OpenVPN provides. As for Plex, I just...
Replies
2
Views
435
So from this, it looks like that VPN works fine while outside your lan. That is the whole point. In this...
Replies
7
Views
553
  • Question
Instead of trying hostname, can you do your public IP address? Edit the openvpn config and put your...
Replies
16
Views
2,116
Thanks Fredbert. My (memory!) error. Reinstallation of the certificate got OpenVPN back up and running.
Replies
2
Views
978
In the end I was able to resolve the issue. First of all I added a static route on my NAS: VPN IP's subnet...
Replies
3
Views
441
I was able to resolve this issue by switching back to OpenVPN gui (or the app that is developed by OpenVPN...
Replies
1
Views
1,012
Hi We use since some months OpenVPN but we are not able to send mails (or to update the incoming mails)...
Replies
0
Views
592

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top