Tun tap and access to Windows share, how ?
-
Hi all
have OpenVPN working in routing mode, "tun tap".
Now the clients can access a Windows share only by IP but not by name (ping to name OK).
I think this with "tun tap" does not work, right?thx
Stefan -
you mean you have it setup with TUN.. tap is when its in bridge mode and you get the same IP network as what your vpn too.
TUN is fine.. But there is the thing.. windows out of the box is going to block non local networks to its file sharing. So you have to setup the windows firewall to allow access from your remote vpn network.
As to using name, again if you tun and routing networks you would not be able to to broadcast for the name. So you need to use normal dns name resolution or use an old school wins..
Just setup your vpn clients to use your local dns and then you can resolve all your devices.. example
I am logged into my home network via openvpn, I get a 10.0.8.0/24 IP on the vpn tunnel. But I can resolve my home network devices just fine.. See here is listing of windows server and its shares..
C:\>dig storage.local.lan ; <<>> DiG 9.11.0 <<>> storage.local.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62501 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;storage.local.lan. IN A ;; ANSWER SECTION: storage.local.lan. 3600 IN A 192.168.9.8 ;; Query time: 125 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Wed Jan 04 10:24:52 Central Standard Time 2017 ;; MSG SIZE rcvd: 62 C:\>net view \\storage.local.lan Shared resources at \\storage.local.lan Share name Type Used as Comment ------------------------------------------------------------------------------- backup Disk Media Disk Molly Disk Plex Disk testshare Disk The command completed successfully. -
Hi johnpoz,
thx for your fast replay, yes i use tun and not tap.
The vpnclient get the correct DNS IP from our DNS Domain Controller.
Domain suffix and WINS also OK and i can ping to hostname and to FQND, so i thing i have here no a name resolution problem here. The same config work with IKE.
But i have no chance to access to a windows share via host name or FQND. I als have disable for a test the lokal Windows FW and on pfsense to change the fw rules to any.Any help here ?
txh Stefan -
If your resolving to the correct ip with name.. And you allow the traffic on your pfsense firewall for your openvpn connection. And you have enabled it on the windows sharing the files firewall. Then my next guess would be you have a authing issue.
What error do you get when you do like the command I did above with just net view \fqdn, and your saying this works if you do \ipaddress
Do you have netbios options enabled in your vpn config?
NetBIOS enable
Enable NetBIOS over TCP/IP If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled.On your vpn interface on your client do you have it set to enable netbios over tcp? What is your client exactly - is it another windows machine, or you trying to do smbclient connections via linux?
-
Ok, after 5min. i get access denied but with IP i have this Problems not. May a Problem to the DC ?
-
So your trying to access the DC for file shares, or your just access some host on the network with its actual fqdn? You can have problems trying to access a windows file share with some made up name, etc. That does not match its real name. That just your dns points that name to that IP.
-
And i see that this clients not register to the DC DNS, how can i do this ?
-
That really should have zero to do with it.. Is your remote client a member of your AD? And you want it to register its vpn IP when it comes in via vpn?
-
That really should have zero to do with it.. Is your remote client a member of your AD? And you want it to register its vpn IP when it comes in via vpn?
Yes this is a AD Member, as i say the same Device and Shrewsoft Client with IKE without any Problems only openvpn.
