IPSec VPN Windows SMB issues



  • Hi all,

    I have recently set up a pfSense IPSec VPN for remote users. I mostly followed the following guide, with a small amendment to get Windows clients to connect (added AES (256 bits) in addition to AES256-GCM (128 bits) in Phase 1):

    https://grokdesigns.com/pfsense-ikev2-for-ios-macos-1/

    The problem I have is that while I can connect fine to the VPN with both macOS and Windows clients, once connected I cannot connect to SMB file shares using Windows. macOS can connect to SMB shares over the VPN without issue.

    I have eliminated DNS as being an issue. Name resolution works fine on both macOS and Windows, tested with nslookup - the right IP is being returned. Also tried connecting to the SMB share via IP address - no go.

    Other things work fine over the VPN on both macOS and Windows - RDP, web sites, but SMB just won't connect on Windows. It stalls for a long time, then eventually errors with:

    Windows cannot access \\192.168.1.x
    Check the spelling of the name. Otherwise there might be a problem with the network.

    After reading a number of posts online, I tried setting the MSS to 1360. Unfortunately this made no difference.

    Firewall is OFF for the Windows client.

    pfSense version is - pfSense 2.4.4-RELEASE-p3
    Windows Version - 1809 (OS Build 17763.557)

    Bit lost for ideas on how to fix. Seems strange that only SMB, and only SMB on Windows seems to be affected.

    I have also set up an OpenVPN tunnel to test and it works as expected with Windows and SMB, but would prefer to try to use IPSec due to potentially better performance.

    Any help with this would be greatly appreciated.

    Tristan.

