[Solved][Mac] OpenVPN works, Samba over OpenVPN not work
-
- remote site
pfsense: 192.168.1.25/24
wireless ap: 192.168.1.27/24
VPN local 10.0.1.6/24
server: 192.168.1.20/24
+local site
mac: 192.168.3.33/24mac tunnelblick prompt:
This computer's apparent public IP address was not different after connecting to config.local-to-remote: read the remote server website - works
remote-to-local: read the remote server website - works
local-to-remote: smb://192.168.1.20 - doesn't work
local-to-remote: smb://username:password@192.168.1.20 - doesn't workany advise?
- remote site
-
update to the latest firmware, still no luck …
-
Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.
-
@cmb:
Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.
In old days,
with the PPTP VPN server on the ASUS router
I can access via samba to the same computerI tried to disable all firewall, no luck
-
Hi!
The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?
But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?
Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…
-
Did you enable netbios over tcp in the vpn settings?
https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clientsI would validate no firewall on the server your trying to access, as mentioned windows for example host firewall will not allow access from remote network. PPTP you were bridging and not routing.. With tun on openvpn your coming from your tunnel network address as far as the server knows, your mac would get a IP in this network VPN local 10.0.1, I assume that is what you mean there. Your tunnel network.
-
Hi!
The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?
But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?
Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…
There're rules on the LAN tab of firewall
default IPv4 and IPv6 rules and a rule for access the pfsense on special port
and i tried to add a rule of pass all IPv4 from * * * * * : no luckWAN
i tried to add a rule of pass all IPv4 from * * * * * : no lucknever use wireshark
tried
there're many TCP activities between these two computersI can not reach any port from each other after the update of pfsense
-
Did you enable netbios over tcp in the vpn settings?
https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clientsI would validate no firewall on the server your trying to access, as mentioned windows for example host firewall will not allow access from remote network. PPTP you were bridging and not routing.. With tun on openvpn your coming from your tunnel network address as far as the server knows, your mac would get a IP in this network VPN local 10.0.1, I assume that is what you mean there. Your tunnel network.
tried, not working
all firewall is off, except pfsense which i dun know how to disable all firewall, but i did add pass rules.
I saw my mac got an ip: 10.0.1.6 at status/OpenVPN, and my real ip is shown too but the port is keep changing
-
i think my OpenVPN server is misconfig
Protocol: UDP?
local port: 1194 (my mac-site router has no OpenVPN passthrough option, just IPSec)Cryptographic Settings should be right, becoz i can connected via OpenVPN
Tunnel Settings
I just input: 10.0.1.0/24 on IPv4 Tunnel Network fieldanything wrong?
btw, how can i export the settings and post it here?
-
i filled 192.168.1.0/24 to the field of IPv4 local network(s)
now i can reach the server's webpage
but can't ping it
or smb -
finally it works!!
when i disable the firewall on that server, smb works.
so i setup rules for network zone 10.0.1.6bang! everything works perfectly!
thanks for help!
-
Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT… Only exception I saw was when the remote pfsense ITSELF want's to send status emails trough the tunnel, there I had to use the openvpn transport IP to make that work.
Firewall rules for clients on the "other side" of the tunnel should be for the remote network.
I may be wrong, but... ;-)
Are you using a peer-to-peer tunnel or remote-access?
-
Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT…
Not true, we're talking mobile clients here, they will only use the tunnel network to send traffic across. There is no NAT in that case, and the tunnel network must be permitted.
-
OK, my fault… learned somefink, anyway :-D
