Windows/Samba File share only one way via VPN
-
Hi everyone,
After hours of googling I finally gave up and now hope to find help here in this forum.
I'm having the following configuration running:
- Windows-Server (192.168.55.1) with OpenVPN-TAP Device, running as Server and in TUN Mode (192.168.88.1)
- pfsense Firewall with the following Interfaces: LAN 10.83.1.x, DMZ 192.168.83.x, OpenVPN Client 192.168.88.2
To be a bit more graphical:
Windows/OpenVPN Server(SITE A)|<-----Tunnel 192.168.88.x---->|(SITE B)pfsense----LAN/DMZ
Now here's the actual problem:
The tunnel is running fine, I can access everything (e.g. RDP, VNC, DNS, FTP, etc.) from Site A to Site B and vice versa, except for Windows File Share...
BUT wait, here is the tricky part:
- From Site B to Site A I CAN access Windows file sharing on all devices (whether Linux Samba or Windows FS).
- From Site A to Site B I can't open any SAMBA Device, but all other services.
Now for my checklist, what I have done so far:
- I checked all my local firewalls, they are 100% disabled... so no Windows FW or such things are running, the only security is PFSENSE
- I can't access either via IP or DNS, so the famous "enable Netbios via TCP" is also off the list, right?
- I enabled on the LAN Interface a FW rule, which allows ALL traffic coming from SITE A addresses (.88.x, .55.x) to go through... so no problem here too, right?
- Since I can ping and trace and use other services from all Sites, I also take a routing issue out of my list too...
I have the feeling that pfsense is blocking something I can't trace/understand... have you encountered the same problem? Or should I think about a reconfig of my tunnel?
The pfsense is an ALIX-Board embedded 1.2.3-RC1 version... I'm planning to reinstall 1.2.3-RC3 soon.
If you need more info, please let me know, I'm happy to share it with you.
Cheers and regards,
STT -
OK… now this is embarrassing.
After I posted this post, I was just checking again on all my configs, like Windows Settings, Openvpn and so on.
Then I thought: "ok let's do something stupid and switch the machine I try to log into SITE B from..." so I took another client and tried to access a PC of SITE B... and there it GOES!!! All working fine... After that I tried to access SITE B from the Windows Server again and it was working...
I can't explain why this works JUST NOW out of the blue but it does... so please ignore this stupid IT guy and get on with the day ::)