Netgate Discussion Forum

    IPSec VPN Windows SMB issues

      A Former User

      Hi all,

      I have recently set up a pfSense IPSec VPN for remote users. I mostly followed the following guide, with a small amendment to get Windows clients to connect (added AES (256 bits) in addition to AES256-GCM (128 bits) in Phase 1):

      https://grokdesigns.com/pfsense-ikev2-for-ios-macos-1/

      The problem I have is that while I can connect fine to the VPN with both macOS and Windows clients, once connected I cannot connect to SMB file shares using Windows. macOS can connect to SMB shares over the VPN without issue.

      I have eliminated DNS as being an issue. Name resolution works fine on both macOS and Windows, tested with nslookup - the right IP is being returned. Also tried connecting to the SMB share via IP address - no go.

      Other things work fine over the VPN on both macOS and Windows - RDP, web sites, but SMB just won't connect on Windows. It stalls for a long time, then eventually errors with:

      Windows cannot access \\192.168.1.x
      Check the spelling of the name. Otherwise there might be a problem with the network.

      After reading a number of posts online, I tried setting the MSS to 1360. Unfortunately this made no difference.

      Firewall is OFF for the Windows client.

      pfSense version is - pfSense 2.4.4-RELEASE-p3
      Windows Version - 1809 (OS Build 17763.557)

      Bit lost for ideas on how to fix. Seems strange that only SMB, and only SMB on Windows seems to be affected.

      I have also set up an OpenVPN tunnel to test and it works as expected with Windows and SMB, but would prefer to try to use IPSec due to potentially better performance.

      Any help with this would be greatly appreciated.

      Tristan.

        corradolab

        I think you missed adding a route to the VPN connection. Use this PowerShell command:

        Add-VpnConnectionRoute -ConnectionName "VPN_NAME" -DestinationPrefix 10.5.0.0/16 -PassThru
        

        https://forum.netgate.com/topic/113227/ikev2-vpn-for-windows-10-and-osx-how-to/2

        Regards,
        Corrado

          A Former User @corradolab

          @corradolab Thanks Corrado I will try this. Forgive my ignorance, but why would protocols other than SMB work without adding this route? Just a bit confused as RDP, HTTP, ping, etc. are all working as expected over the VPN to local servers, just not SMB.

            A Former User

            Finally found a fix for this. Adding a route as suggested by @corradolab was unnecessary as it turns out. This problem was irking me to no end as all other traffic was working well except SMB. I'd tested HTTP, FTP, ping etc. to the LAN and all were working fine - just not SMB, and only SMB on Windows (macOS clients were fine).

            I thought I might be running into this bug:

            https://redmine.pfsense.org/issues/8964

            But it actually turned out to be something in the way Windows authenticates to the server. To fix, you need to go to the Windows Credential Manager and add in the credentials for the SMB server before trying to connect.

            After that it all works fine.

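The fix from the last post, scripted in PowerShell as an added example (not code from any poster in this thread): it first confirms that TCP 445 is reachable through the tunnel, which separates a routing or MSS problem from an authentication one, and only then stores the SMB credentials and retries. `$Server`, `$Share` and `$User` are placeholders assumed for illustration.

```powershell
# Added example; the three parameter defaults are constructed placeholders,
# not values taken from the thread.
param(
    [string]$Server = '192.168.1.10',    # stands in for the 192.168.1.x file server
    [string]$Share  = 'share',           # hypothetical share name
    [string]$User   = 'SERVER\username'  # hypothetical account on the SMB server
)

# 1. Network path: if TCP 445 answers over the VPN, routes and MSS are not the cause.
$tcp = Test-NetConnection -ComputerName $Server -Port 445 -WarningAction SilentlyContinue
"TCP 445 reachable: $($tcp.TcpTestSucceeded) (interface: $($tcp.InterfaceAlias))"
if (-not $tcp.TcpTestSucceeded) {
    "SMB port not reachable; check routes, firewall rules and MSS before credentials."
    return
}

# 2. Stored credentials: look for an existing Credential Manager entry for this target.
$stored = cmdkey /list | Select-String -Pattern $Server -SimpleMatch
if ($stored) {
    "Credential Manager already holds an entry for ${Server}:"
    $stored
} else {
    # /pass without a value makes cmdkey prompt for the password, so it does not
    # end up on the command line or in the PowerShell history.
    cmdkey /add:$Server /user:$User /pass
}

# 3. Retry the connection and show which account and SMB dialect were negotiated.
try {
    New-SmbMapping -RemotePath "\\$Server\$Share" -ErrorAction Stop | Out-Null
    Get-SmbConnection -ServerName $Server |
        Format-Table ServerName, ShareName, UserName, Dialect
} catch {
    "SMB mapping still failed: $($_.Exception.Message)"
}
```

A stored entry can be removed again with `cmdkey /delete:<target>` once testing is done.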
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.