[Solved][Mac] OpenVPN works, Samba over OpenVPN not work



    • remote site
      pfsense: 192.168.1.25/24
      wireless ap: 192.168.1.27/24
      VPN local 10.0.1.6/24
      server: 192.168.1.20/24

    +local site
    mac: 192.168.3.33/24

    mac tunnelblick prompt:
    This computer's apparent public IP address was not different after connecting to config.

    local-to-remote: read the remote server website - works
    remote-to-local: read the remote server website - works
    local-to-remote: smb://192.168.1.20 - doesn't work
    local-to-remote: smb://username:password@192.168.1.20 - doesn't work

    any advise?



  • update to the latest firmware, still no luck …



  • Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.



  • @cmb:

    Local firewall on the target system most likely if it's a Windows system, blocking off-subnet traffic.

    In old days,
    with the PPTP VPN server on the ASUS router
    I can access via samba  to the same computer

    I tried to disable all firewall, no luck


  • Banned

    Hi!

    The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?

    But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?

    Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…


  • Rebel Alliance Global Moderator

    Did you enable netbios over tcp in the vpn settings?
    https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clients

    I would validate no firewall on the server your trying to access, as mentioned windows for example host firewall will not allow access from remote network.  PPTP you were bridging and not routing.. With tun on openvpn your coming from your tunnel network address as far as the server knows, your mac would get a IP in this network VPN local 10.0.1, I assume that is what you mean there.  Your tunnel network.



  • @2chemlud:

    Hi!

    The openvpn is not site-to-site, correct? So no firewall rules for the pfsense on openvpn tab?

    But how about the firewall rules for the LAN tab, does the pfsense allow outgoing traffic to your mac for smb?

    Would start with a sniff (wireshark) on the samba host and see if the traffic ever reaches the machine…

    There're rules on the LAN tab of firewall
    default IPv4 and IPv6 rules and a rule for access the pfsense on special port
    and i tried to add a rule of pass all IPv4 from * * * * * : no luck

    WAN
    i tried to add a rule of pass all IPv4 from * * * * * : no luck

    never use wireshark
    tried
    there're many TCP activities between these two computers

    I can not reach any port from each other after the update of pfsense



  • @johnpoz:

    Did you enable netbios over tcp in the vpn settings?
    https://doc.pfsense.org/index.php/Why_can't_I_access_Windows/SMB_shares_on_OpenVPN_clients

    I would validate no firewall on the server your trying to access, as mentioned windows for example host firewall will not allow access from remote network.  PPTP you were bridging and not routing.. With tun on openvpn your coming from your tunnel network address as far as the server knows, your mac would get a IP in this network VPN local 10.0.1, I assume that is what you mean there.  Your tunnel network.

    tried, not working

    all firewall is off, except pfsense which i dun know how to disable all firewall, but i did add pass rules.

    I saw my mac got an ip: 10.0.1.6 at status/OpenVPN, and my real ip is shown too but the port is keep changing



  • i think my OpenVPN server is misconfig

    Protocol: UDP?
    local port: 1194 (my mac-site router has no OpenVPN passthrough option, just IPSec)

    Cryptographic Settings should be right, becoz i can connected via OpenVPN

    Tunnel Settings
    I just input: 10.0.1.0/24 on IPv4 Tunnel Network field

    anything wrong?

    btw, how can i export the settings and post it here?



  • i filled 192.168.1.0/24 to the field of IPv4 local network(s)

    now i can reach the server's webpage
    but can't ping it
    or smb



  • finally it works!!

    when i disable the firewall on that server, smb works.
    so i setup rules for network zone 10.0.1.6

    bang! everything works perfectly!

    thanks for help!


  • Banned

    Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT… Only exception I saw was when the remote pfsense ITSELF want's to send status emails trough the tunnel, there I had to use the openvpn transport IP to make that work.

    Firewall rules for clients on the "other side" of the tunnel should be for the remote network.

    I may be wrong, but... ;-)

    Are you using a peer-to-peer tunnel or remote-access?



  • @2chemlud:

    Eeehm, if 10.0.1.0/24 is the openvpn transport network, your smb server should never see this IP due to NAT…

    Not true, we're talking mobile clients here, they will only use the tunnel network to send traffic across. There is no NAT in that case, and the tunnel network must be permitted.


  • Banned

    OK, my fault… learned somefink, anyway :-D