[SOLVED] Samba and OpenVPN servers on the same machine


Post by Gbillou » Sun Nov 14, 2010 1:52 pm

Hi,

I own a Linux server whose public IP is a.b.c.d.
This server hosts websites using apache2 and other services (other webserver frontends on ports != 80/443, things like databases and erp, etc.).
Furthermore I'd like to access files on this server using samba from Windows (xp/2003) and Linux machines. (Until now I was using sftp.)

For this purpose I first configured openerp using tunneling; everything worked great except samba. Actually I don't want samba (nor other private services like databases or our erp) to listen on my server's public ip/interface (eth0), but only on its virtual tun0 (10.8.0.1) interface.
I've read this: http://openvpn.net/index.php/open-sourc ... html#samba which states:
If you are running the Samba and OpenVPN servers on the same machine, you may want to edit the interfaces directive in the smb.conf file to also listen on the TUN interface subnet of 10.8.0.0/24:

interfaces = 10.66.0.0/24 10.8.0.0/24
(I added the "bind interfaces only = yes" directive and only left "interfaces = 10.8.0.0/24", and even tried with interfaces=tun0)
but I'm facing this exact same problem: http://www.spinics.net/lists/samba/msg82857.html
open_sockets: Broadcast sockets opened.
not adding non-broadcast interface tun0
WARNING: no network interfaces found
Then follows a samba core coz of no network interface found.

If I don't use this "interfaces" thing, everything works fine, except samba also listens on a.b.c.d. It's true that I can add "hosts allow = 10.8.0.0/24", but that's still not acceptable since I don't want my 137/139 ports opened to the world.

I understand samba refuses to listen on a non-broadcast interface and it seems to me the only alternative left is to use a bridged openvpn configuration (actually is to let samba listen on a tap device, not a tun one).
My problem here is my server is not running on a subnet, and it only has one public physical interface and.. well I really don't see how I can run a virtual subnet then bridge this subnet using openvpn...

To conclude: it seems I want a level 2 tunneled configuration (using tap devices..), am I right? How do I do that?

Any help or advice would be greatly appreciated :)
Last edited by Gbillou on Tue Nov 16, 2010 1:38 pm, edited 1 time in total.

Post by krzee » Tue Nov 16, 2010 10:36 am

you want layer3 tun and support from samba guys

Post by Gbillou » Tue Nov 16, 2010 1:37 pm

Well,

I solved my problem. And it was: I'm too dumb to understand what's possible to do with a bridged configuration, and what bridging really is :) (and I'm pretty sure I don't understand the whole thing).
I just set up a bridged vpn without any physical interface added to it... It seems to be stupid as that's more or less what tunneling does, but it allows me to add tap interfaces to it if I need it, and as br0 (and tapX) supports broadcast I'm able to bind my services to it.

There are 2 things that made me think what I wanted was not possible:
- The provided sample script "bridge-start" asks for a physical interface, so I thought I needed one.
- I made a mistake (typo) in my bridged configuration at my first attempt.

btw, thx!
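
A check for the outcome this thread ends on, Samba bound only to the VPN bridge and not to the public interface. This is an added example, not code from any poster in the thread; the `audit_smb_conf` helper, the br0/tap allowlist and the two sample configs are assumptions constructed for illustration, and 10.8.0.0/24 is the subnet quoted in the first post.

```python
import configparser
import ipaddress

# Assumptions: VPN subnet as quoted in the thread; br0/tap* are the
# broadcast-capable VPN devices from the final post.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
VPN_IFACES = ("br0", "tap")

# Constructed samples: distribution-style default vs. bridge-only binding.
DEFAULT = "[global]\n  workgroup = WORKGROUP\n  hosts allow = 10.8.0.0/24\n"
HARDENED = "[global]\n  interfaces = br0\n  bind interfaces only = yes\n"

def audit_smb_conf(text, vpn_net=VPN_NET, vpn_ifaces=VPN_IFACES):
    """Return findings; an empty list means Samba is bound to the VPN only."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    # smb.conf keys are usually indented; strip each line so configparser
    # never treats a key as a continuation of the previous value.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    if not cp.has_section("global"):
        return ["no [global] section"]
    g = cp["global"]
    findings = []
    if g.get("bind interfaces only", "no").strip().lower() not in ("yes", "true", "1"):
        findings.append("'bind interfaces only' is off: smbd listens on every address")
    entries = g.get("interfaces", "").split()
    if not entries:
        findings.append("'interfaces' is empty: every broadcast interface is used")
    for entry in entries:
        if entry.startswith("tun"):
            # The 'not adding non-broadcast interface' failure from the thread.
            findings.append(f"{entry}: tun device has no broadcast, nmbd will skip it")
        elif entry.startswith(vpn_ifaces):
            continue
        else:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"{entry}: interface is not in the VPN allowlist")
                continue
            inside = net.version == vpn_net.version and net.subnet_of(vpn_net)
            if not (inside or net.is_loopback):
                findings.append(f"{entry}: not inside {vpn_net}")
    return findings

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT), ("hardened", HARDENED)):
        print(name, audit_smb_conf(conf) or "OK")
```

Note that `hosts allow` alone does not clear the audit: it filters clients after the socket is already open on the public address, which is the exposure the first post wanted to avoid.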
