Spectrum users can't access Windows shares over VPN

Please feel free to post any questions about SoftEther VPN in this forum.
LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Fri Jan 22, 2021 9:12 am

I have SoftEther server running successfully on Windows 10 Pro.

A few clients can't access Windows shares, even though they successfully connect to the VPN. They all use Spectrum cable internet as their ISP, which is confirmed to block many ports, including 139 and 445.
https://www.spectrum.net/support/intern ... ked-ports/

My own home computer connects and accesses shares just fine over AT&T Fiber, and cellular connections also work.

Any suggestions?

Thank you!

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Fri Jan 22, 2021 9:38 am

Have you checked the Server Log of the VPN server?

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Sat Jan 23, 2021 2:24 am

2021-01-22 18:17:03.413 ------------------------------------------------------
2021-01-22 18:17:03.413 SoftEther VPN Server Version 4.34 Build 9745 (English)
2021-01-22 18:17:03.413 Compiled 2020/04/05 23:39:56 by buildsan at crosswin
2021-01-22 18:17:03.413 Log Messages are written with UTF-8 Encoding Format.
2021-01-22 18:17:03.413 The SoftEther VPN Server has been started.
2021-01-22 18:17:03.413 IPsec Module: The IPsec ver 2.0 (ISAKMP/IKEv1) processing module is started.
2021-01-22 18:17:03.413 OpenVPN Module: The OpenVPN Server Module is starting.
2021-01-22 18:17:03.413 Loading the configuration file.
2021-01-22 18:17:03.413 Monitoring the directory "C:\Program Files\SoftEther VPN Server". If the amount of available free disk space becomes less than 8.00 GBytes, the backup files for log files and configurations that are saved on the sub-directories of this directory will be automatically deleted in the order of oldest first. The amount of free disk space that determines when to start deletion can be modified by changing the "AutoDeleteCheckDiskFreeSpaceMin" item in the configuration file.
2021-01-22 18:17:03.429 Virtual Hub "VPN" has been started.
2021-01-22 18:17:03.429 The MAC address of Virtual Hub "VPN" is "00-AE-76-49-92-9B".
2021-01-22 18:17:03.429 [HUB "VPN"] The Virtual Hub is now online.
2021-01-22 18:17:03.429 TCP Listener (port 443) is starting.
2021-01-22 18:17:03.429 TCP Listener (port 443) has started. Now listening for connection from client.
2021-01-22 18:17:03.429 TCP Listener (port 992) is starting.
2021-01-22 18:17:03.429 TCP Listener (port 992) has started. Now listening for connection from client.
2021-01-22 18:17:03.429 TCP Listener (port 1194) is starting.
2021-01-22 18:17:03.429 TCP Listener (port 1194) has started. Now listening for connection from client.
2021-01-22 18:17:03.429 TCP Listener (port 5555) is starting.
2021-01-22 18:17:03.429 TCP Listener (port 5555) has started. Now listening for connection from client.
2021-01-22 18:17:03.429 [HUB "VPN"] The Local Bridge connection "Intel(R) Ethernet Connection (2) I219-V (ID=0449520922)" has started. The bridge session "SID-LOCALBRIDGE-1" was created.
2021-01-22 18:17:03.429 The configuration file has been loaded.
2021-01-22 18:17:03.429 Starting the automatically saving background task. The interval between auto-saves is 300 seconds. You can change the interval by changing the parameter AutoSaveConfigSpan in the configuration file.
2021-01-22 18:17:03.698 [HUB "VPN"] Session "SID-LOCALBRIDGE-1": A Local Bridge connection to physical Ethernet interface "Intel(R) Ethernet Connection (2) I219-V (ID=0449520922)" was started.
2021-01-22 18:18:24.563 IPsec Client 1 (172.249.102.143:500 -> 192.168.1.11:500): A new IPsec client is created.
2021-01-22 18:18:24.563 IPsec IKE Session (IKE SA) 1 (Client: 1) (172.249.102.143:500 -> 192.168.1.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xFB23A8894CB23D9C, Responder Cookie: 0xAD162BE2B6B5C928, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2021-01-22 18:18:24.647 IPsec Client 1 (172.249.102.143:4500 -> 192.168.1.11:4500): The port number information of this client is updated.
2021-01-22 18:18:24.647 IPsec Client 1 (172.249.102.143:4500 -> 192.168.1.11:4500):
2021-01-22 18:18:24.647 IPsec IKE Session (IKE SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): This IKE SA is established between the server and the client.
2021-01-22 18:18:25.666 IPsec IKE Session (IKE SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): The client initiates a QuickMode negotiation.
2021-01-22 18:18:25.666 IPsec ESP Session (IPsec SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xBB67D82C, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2021-01-22 18:18:25.666 IPsec ESP Session (IPsec SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x7C8B45B, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2021-01-22 18:18:25.688 IPsec ESP Session (IPsec SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): This IPsec SA is established between the server and the client.
2021-01-22 18:18:25.703 IPsec Client 1 (172.249.102.143:4500 -> 192.168.1.11:4500): The L2TP Server Module is started.
2021-01-22 18:18:25.750 L2TP PPP Session [172.249.102.143:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 172.249.102.143 (Hostname: "Hatts-Mac-mini.lan"), Port Number of PPP Client: 1701, IP Address of PPP Server: 192.168.1.11, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS (Max Segment Size): 1314 bytes
2021-01-22 18:18:25.866 On the TCP Listener (Port 0), a Client (IP address 172.249.102.143, Host name "cpe-172-249-102-143.socal.res.rr.com", Port number 1701) has connected.
2021-01-22 18:18:25.866 For the client (IP address: 172.249.102.143, host name: "cpe-172-249-102-143.socal.res.rr.com", port number: 1701), connection "CID-1-84E2862879" has been created.
2021-01-22 18:18:25.866 SSL communication for connection "CID-1-84E2862879" has been started. The encryption algorithm name is "(null)".
2021-01-22 18:18:25.866 [HUB "VPN"] The connection "CID-1-84E2862879" (IP address: 172.249.102.143, Host name: cpe-172-249-102-143.socal.res.rr.com, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.34, Build: 9745) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "Hatt".
2021-01-22 18:18:25.866 [HUB "VPN"] Connection "CID-1-84E2862879": Successfully authenticated as user "Hatt".
2021-01-22 18:18:25.866 [HUB "VPN"] Connection "CID-1-84E2862879": The new session "SID-HATT-[L2TP]-2" has been created. (IP address: 172.249.102.143, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2021-01-22 18:18:25.866 [HUB "VPN"] Session "SID-HATT-[L2TP]-2": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2021-01-22 18:18:25.866 [HUB "VPN"] Session "SID-HATT-[L2TP]-2": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 434, Client build number: 9745, Server product name: "SoftEther VPN Server (64 bit)", Server version: 434, Server build number: 9745, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "Hatts-Mac-mini.lan", Client IP address: "172.249.102.143", Client port number: 1701, Server host name: "192.168.1.11", Server IP address: "192.168.1.11", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "91965CE646893461FC0BFB4A5E17F0B5")
2021-01-22 18:18:25.888 L2TP PPP Session [172.249.102.143:1701]: Trying to request an IP address from the DHCP server.
2021-01-22 18:18:25.935 [HUB "VPN"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "B6-FB-E4-F0-0C-32" (192.168.1.1) on this session allocated, for host "SID-HATT-[L2TP]-2" on another session "CA-C5-94-1C-EC-3F", the new IP address 192.168.1.206.
2021-01-22 18:18:25.935 L2TP PPP Session [172.249.102.143:1701]: An IP address is assigned. IP Address of Client: 192.168.1.206, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.1.1, Domain Name: "", DNS Server 1: 192.168.1.1, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.1.1, Lease Lifetime: 43200 seconds
2021-01-22 18:18:25.935 L2TP PPP Session [172.249.102.143:1701]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.1.206, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.1.1, DNS Server 1: 192.168.1.1, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
2021-01-22 18:22:44.443 IPsec ESP Session (IPsec SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): This IPsec SA is deleted.
2021-01-22 18:22:44.443 IPsec IKE Session (IKE SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): This IKE SA is deleted.
2021-01-22 18:22:44.443 IPsec ESP Session (IPsec SA) 1 (Client: 1) (172.249.102.143:4500 -> 192.168.1.11:4500): This IPsec SA is deleted.
2021-01-22 18:22:44.528 L2TP PPP Session [172.249.102.143:1701]: The PPP session is disconnected because the upper-layer protocol "L2TP" has been disconnected.
2021-01-22 18:22:44.528 L2TP PPP Session [172.249.102.143:1701]: The PPP session is disconnected.
2021-01-22 18:22:45.076 [HUB "VPN"] Session "SID-HATT-[L2TP]-2": The session has been terminated. The statistical information is as follows: Total outgoing data size: 1033598 bytes, Total incoming data size: 40954 bytes.
2021-01-22 18:22:45.107 Connection "CID-1-84E2862879" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2021-01-22 18:22:45.107 Connection "CID-1-84E2862879" has been terminated.
2021-01-22 18:22:45.107 The connection with the client (IP address 172.249.102.143, Port number 1701) has been disconnected.

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Sat Jan 23, 2021 5:26 pm

I restarted the server, so this is a clean log from startup, user logging in, attempting to connect to the shares, then logging off. Nothing more.

But I believe this to be a problem of Spectrum blocking ports. Trying to find a workaround.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Sun Jan 24, 2021 2:57 am

The ISP cannot see the contents of the VPN communication.
Therefore, there is no way to limit only the communication inside VPN without blocking the VPN communication itself.
The ISP is not guilty if the VPN session itself is maintained.

Have you tried SoftEther VPN Client?
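
Added example (not part of cedar's post and not SoftEther code): a Python script that reads lines in the format of the server log posted earlier in this thread and lists the ports visible on the outer IPsec flow, so they can be compared with the ports the ISP is said to block (139 and 445, from the first post). The function names are made up for this illustration, and the sample lines are excerpts of that log with one line shortened.

```python
import re

# Excerpt of the log posted in this thread (third line shortened).
SAMPLE_LOG = """\
2021-01-22 18:18:24.563 IPsec Client 1 (172.249.102.143:500 -> 192.168.1.11:500): A new IPsec client is created.
2021-01-22 18:18:24.647 IPsec Client 1 (172.249.102.143:4500 -> 192.168.1.11:4500): The port number information of this client is updated.
2021-01-22 18:18:25.935 L2TP PPP Session [172.249.102.143:1701]: An IP address is assigned. IP Address of Client: 192.168.1.206, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.1.1
2021-01-22 18:22:45.076 [HUB "VPN"] Session "SID-HATT-[L2TP]-2": The session has been terminated. The statistical information is as follows: Total outgoing data size: 1033598 bytes, Total incoming data size: 40954 bytes.
"""

FLOW = re.compile(r"\(([\d.]+):(\d+) -> ([\d.]+):(\d+)\)")
ASSIGNED = re.compile(r"An IP address is assigned\. IP Address of Client: ([\d.]+)")
STATS = re.compile(r"Total outgoing data size: (\d+) bytes, "
                   r"Total incoming data size: (\d+) bytes")


def summarize(log_text):
    """Collect outer-flow ports, the tunnel address and the byte counters."""
    summary = {"outer_ports": set(), "tunnel_ip": None,
               "bytes_out": None, "bytes_in": None}
    for line in log_text.splitlines():
        parts = line.split(" ", 2)          # date, time, message
        if len(parts) < 3:
            continue
        message = parts[2]
        # Only IPsec lines describe the flow seen on the path between client
        # and server (IKE on 500, then NAT-T on 4500). The L2TP port 1701 and
        # any SMB traffic on 445 travel inside ESP and are not collected here.
        if message.startswith("IPsec "):
            flow = FLOW.search(message)
            if flow:
                summary["outer_ports"].update({int(flow.group(2)), int(flow.group(4))})
        assigned = ASSIGNED.search(message)
        if assigned:
            summary["tunnel_ip"] = assigned.group(1)
        stats = STATS.search(message)
        if stats:
            summary["bytes_out"] = int(stats.group(1))
            summary["bytes_in"] = int(stats.group(2))
    return summary


def blocked_outer_ports(summary, isp_blocked):
    """Outer-flow ports that also appear in the ISP's blocked-port list."""
    return sorted(summary["outer_ports"] & set(isp_blocked))


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result)
    print("blocked outer ports:", blocked_outer_ports(result, {139, 445}))
```
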

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Fri Jan 29, 2021 7:06 pm

I tried it from a Windows computer on Spectrum with the client and it works!

But the Macs on Spectrum will not work. I have AT&T Fiber on my Mac with no issue. There is no (easily workable) SoftEther Client for Mac.

One Mac is using Spectrum's router, the other is using Orbi, so it's not likely the router.

Similarly, an iPhone connected via wifi over Spectrum does not work. If the same iPhone with all the same settings disconnects from wifi and connects over cellular, it works instantly.

Therefore it MUST be either Spectrum's ISP, or their modem. This has eliminated any other possibility.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Fri Jan 29, 2021 11:07 pm

How about OpenVPN (Tunnelblick)?

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Fri Jan 29, 2021 11:09 pm

For a Mac Client?

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Fri Jan 29, 2021 11:40 pm

Yes.
Tunnelblick is an OpenVPN GUI app for Mac.

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Sat Jan 30, 2021 12:32 am

That seems to want a certificate. We are using password authentication.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Sat Jan 30, 2021 1:34 am

For a password-auth user, the VPN server ignores the provided certificate.
You can acquire a sample ovpn setting file from VPN Server Manager.

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Sun Jan 31, 2021 1:44 am

Ok, how do I do that? Did a search, can't find anything. And how do I specify the user/pass?

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Mon Feb 01, 2021 2:45 am

Does Tunnelblick ask for a password when you're trying to connect?

https://www.synology.com/_images/autoge ... _Mac/7.png

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Mon Feb 01, 2021 7:28 am

No

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Mon Feb 01, 2021 7:35 am

The OVPN file may not have been imported correctly.
What error message are you getting?

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Mon Feb 01, 2021 8:10 am

I didn't import anything. You told me "you can acquire sample ovpn setting file from vpn server manager."

I responded, asking how to do that. But that question was never answered.

I downloaded a sample script and tried to modify it.

cedar
Site Admin
Posts: 2066
Joined: Sat Mar 09, 2013 5:37 am

Re: Spectrum users can't access Windows shares over VPN

Post by cedar » Mon Feb 01, 2021 8:24 am

[attachment=0]clip.jpg[/attachment]

LambdaEnt
Posts: 28
Joined: Tue Jul 07, 2020 7:15 pm

Re: Spectrum users can't access Windows shares over VPN

Post by LambdaEnt » Mon Feb 01, 2021 8:12 pm

So here's an update:

One of the clients using a Mac on Spectrum at his home connects successfully to the VPN using the OS built-in client, but can't see the shares.

He came over to my home/office, which is on AT&T Fiber. Without changing ANY settings, it worked flawlessly.

Process of elimination:
THE PROBLEM IS WITH SPECTRUM!!!
It doesn't make sense, but that's the fact.

I also just found this discussion, so I am not alone:
https://community.spiceworks.com/topic/ ... connection
