Can't See Remote Network Shares
-
I'm using pfSense CE 2.7.2 on identical mini PC hardware in two different states. I just set up my first site-to-site VPN using IPsec. I followed these instructions and added the firewall rules at both ends. I have different subnets at both locations. The computers at both locations are running Windows 11 Pro.
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html
The VPN is working. I can enter site A local IP addresses when at site B in "Network" using the notation "\\local IP address" and can see all of the shares on my two NAS boxes. I can ping both NAS boxes and I can log in to both NAS web interfaces if I launch a browser and type in their local IP addresses. But I can't do the same for my Windows PC shares. "\\local IP address" does not find Site A computers. I can't ping their addresses. I CAN do a Remote Desktop Protocol session at site B by using the local PC IP addresses at site A. But I thought I was supposed to be able to see all the shares at both sites, not just shares on the NAS boxes.
What am I missing? Thanks!
-
@XrayDoc88 said in Can't See Remote Network Shares:
What am I missing?
I would guess the firewall on the Windows 11 boxes. Out of the box they're probably not going to allow an IP that is not a local IP. You would have to adjust the firewall on them to allow whatever network your other site is using, for ping and SMB.
-
@johnpoz Thanks for the quick reply. I'll look at that. I did notice that I have "network discovery" and "printer and file sharing" enabled for private networks. Do I need to also enable them for public networks? That sounds like a bad idea, but I've never set up a site-to-site VPN before, so I'm not certain all that might be necessary.
-
@XrayDoc88 Normally the firewall rules, when you enable something, only allow the network the device is on. Private and public are just modes Windows will put the firewall in; if it's using the public policy it will block any inbound, etc.
If your remote network is, say, 192.168.20/24 and your local network is 192.168.10/24, you would go into the rules and allow the 192.168.20 network. Or for that matter just turn off the firewall on the host.
-
I thought I'd post what I did and what solved my problem. I can now see (access) the remote shares on all computers. The two computers that I could not reach by entering \\local computer IP address in Windows Explorer were both updated to the latest 24H2 version of Windows 11 Pro. I couldn't figure out how to create custom firewall rules on these computers. So instead, I went to Settings>Privacy & Security>Windows Security>Firewall & Network Protection>Allow an app through firewall. In the list of apps "File and Printer Sharing" was already checked for a private network. But there was also listed "File and Printer Sharing (Restrictive)" that was not checked. That entry is not present on version 23H2 of Windows 11 Pro. I checked the private network option, and now I can reach the network shares on both computers using \\local computer IP address in Windows Explorer.
I thought this might be helpful if others have the same issue with a site to site IPsec VPN.
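-
Added example, not part of the original thread: a PowerShell sketch of the "allow the other site's network, for ping and SMB" suggestion, done as two scoped inbound rules on the Private profile. The subnet is the example remote network from the reply above and the rule names are hypothetical; substitute the subnet actually routed over your IPsec tunnel.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). $RemoteSubnet defaults to the example
# remote network used in the reply; $RulePrefix is a hypothetical rule name prefix.
param(
    [string]$RemoteSubnet = '192.168.20.0/24',
    [string]$RulePrefix   = 'S2S-VPN'
)

# The rules below are bound to the Private profile, so first show which
# profile Windows has assigned to each active connection.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory |
    Format-Table -AutoSize

# One rule for SMB (TCP 445) and one for ICMPv4 echo request (type 8).
$rules = @(
    @{ DisplayName = "$RulePrefix SMB in";  Protocol = 'TCP';    LocalPort = 445 },
    @{ DisplayName = "$RulePrefix Ping in"; Protocol = 'ICMPv4'; IcmpType  = 8   }
)

foreach ($r in $rules) {
    $existing = Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        # Re-running the script only re-scopes the rule instead of duplicating it.
        $existing | Set-NetFirewallRule -RemoteAddress $RemoteSubnet -Enabled True
    } else {
        New-NetFirewallRule @r -Direction Inbound -Action Allow `
            -Profile Private -RemoteAddress $RemoteSubnet | Out-Null
    }
}

# Show what is now in place, including the remote address scope of each rule.
Get-NetFirewallRule -DisplayName "$RulePrefix*" | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
} | Format-Table -AutoSize

# From a PC at the other site, confirm reachability across the tunnel:
#   Test-NetConnection -ComputerName <site A PC IP> -Port 445
```

Run it in an elevated PowerShell session on each Windows PC whose shares should be reachable from the other site.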