Netgate Discussion Forum

    [Solved][Mac] OpenVPN works, Samba over OpenVPN not work

      yashiharu

      • remote site
        pfsense: 192.168.1.25/24
        wireless ap: 192.168.1.27/24
        VPN local 10.0.1.6/24
        server: 192.168.1.20/24

      • local site
        mac: 192.168.3.33/24

      mac tunnelblick prompt:
      This computer's apparent public IP address was not different after connecting to config.

      local-to-remote: read the remote server website - works
      remote-to-local: read the remote server website - works
      local-to-remote: smb://192.168.1.20 - doesn't work
      local-to-remote: smb://username:password@192.168.1.20 - doesn't work

      Any advice?

        yashiharu

        Updated to the latest firmware, still no luck…

          cmb

          Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.

            yashiharu

            @cmb:

            Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.

            In the old days, with the PPTP VPN server on the ASUS router,
            I could access the same computer via Samba.

            I tried disabling all firewalls, no luck.

              2chemlud Banned

              Hi!

              The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?

              But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?

              Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…

                johnpoz LAYER 8 Global Moderator

                Did you enable netbios over tcp in the vpn settings?
                https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clients

                I would validate that there is no firewall on the server you're trying to access; as mentioned, a Windows host firewall, for example, will not allow access from a remote network. With PPTP you were bridging and not routing. With tun on OpenVPN you're coming from your tunnel network address as far as the server knows; your Mac would get an IP in this network, VPN local 10.0.1, I assume that is what you mean there. Your tunnel network.

                  yashiharu

                  @2chemlud:

                  Hi!

                  The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?

                  But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?

                  Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…

                  There are rules on the LAN tab of the firewall:
                  the default IPv4 and IPv6 rules and a rule to access the pfSense on a special port,
                  and I tried to add a rule to pass all IPv4 from * * * * * : no luck

                  WAN
                  I tried to add a rule to pass all IPv4 from * * * * * : no luck

                  Never used Wireshark
                  tried
                  there are many TCP activities between these two computers

                  I cannot reach any port from each other after the update of pfSense

                    yashiharu

                    @johnpoz:

                    Did you enable netbios over tcp in the vpn settings?
                    https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clients

                    I would validate that there is no firewall on the server you're trying to access; as mentioned, a Windows host firewall, for example, will not allow access from a remote network. With PPTP you were bridging and not routing. With tun on OpenVPN you're coming from your tunnel network address as far as the server knows; your Mac would get an IP in this network, VPN local 10.0.1, I assume that is what you mean there. Your tunnel network.

                    Tried, not working.

                    All firewalls are off, except pfSense, where I don't know how to disable all firewalling, but I did add pass rules.

                    I saw my Mac got an IP, 10.0.1.6, at Status/OpenVPN, and my real IP is shown too, but the port keeps changing.

                      yashiharu

                      I think my OpenVPN server is misconfigured

                      Protocol: UDP?
                      local port: 1194 (my mac-site router has no OpenVPN passthrough option, just IPSec)

                      Cryptographic Settings should be right, because I can connect via OpenVPN

                      Tunnel Settings
                      I just input 10.0.1.0/24 in the IPv4 Tunnel Network field

                      Anything wrong?

                      BTW, how can I export the settings and post them here?

                        yashiharu

                        I filled in 192.168.1.0/24 in the IPv4 Local Network(s) field

                        Now I can reach the server's webpage,
                        but I can't ping it
                        or use SMB

                          yashiharu

                          Finally it works!!

                          When I disable the firewall on that server, SMB works.
                          So I set up rules for network zone 10.0.1.6

                          Bang! Everything works perfectly!

                          Thanks for the help!

                            2chemlud Banned

                            Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT… The only exception I saw was when the remote pfsense ITSELF wants to send status emails through the tunnel; there I had to use the openvpn transport IP to make that work.

                            Firewall rules for clients on the "other side" of the tunnel should be for the remote network.

                            I may be wrong, but... ;-)

                            Are you using a peer-to-peer tunnel or remote-access?

                              cmb

                              @2chemlud:

                              Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT…

                              Not true, we're talking mobile clients here, they will only use the tunnel network to send traffic across. There is no NAT in that case, and the tunnel network must be permitted.
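
Added example (not part of the thread and not any poster's code): a small model of a host firewall with source-scoped rules, showing why the web page was reachable from 10.0.1.6 while SMB was not until the tunnel network was permitted. The addresses come from the thread; the rule names and the assumption that web is open to any source while file sharing is scoped to the local subnet are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the thread; the rule set is a constructed model,
# not the configuration of any real host firewall.
SERVER_LAN = ipaddress.ip_network("192.168.1.0/24")
TUNNEL_NET = ipaddress.ip_network("10.0.1.0/24")
VPN_CLIENT = "10.0.1.6"  # routed through the tunnel, so the server sees this source
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    ports: frozenset
    sources: tuple  # source networks this allow rule accepts

def evaluate(rules, src, proto, port):
    """Return the name of the first matching allow rule, or None (default deny)."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if proto == r.proto and port in r.ports and any(addr in n for n in r.sources):
            return r.name
    return None

# Assumed starting point: web open to any source, SMB limited to the local subnet.
BEFORE = [
    Rule("http-any", "tcp", frozenset({80, 443}), (ANY,)),
    Rule("smb-local-subnet", "tcp", frozenset({139, 445}), (SERVER_LAN,)),
]
# The fix described in the thread: also permit the tunnel network for SMB,
# rather than switching the host firewall off.
AFTER = BEFORE + [Rule("smb-vpn-tunnel", "tcp", frozenset({139, 445}), (TUNNEL_NET,))]

def report(rules, src=VPN_CLIENT):
    """Which rule (if any) admits HTTP and SMB from the given source."""
    return {f"tcp/{port}": evaluate(rules, src, "tcp", port) for port in (80, 445)}

if __name__ == "__main__":
    print("before:", report(BEFORE))
    print("after: ", report(AFTER))
    print("LAN host before:", report(BEFORE, "192.168.1.27"))
```

Scoping the new SMB rule to 10.0.1.0/24 keeps the default-deny behaviour for every other off-subnet source.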

                                2chemlud Banned

                                OK, my fault… learned somefink, anyway :-D

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.