[Solved] How to access windows shares via OpenVPN
Moderators: TinCanTech
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
[Solved] How to access windows shares via OpenVPN
Ok, so for the past couple of years I have been successfully using OpenVPN to access SMB shares on my Freenas server. I have OpenVPN server installed on my DD-WRT router.
I now want to remotely access a number of shares I have set up on a Windows 10 machine. I have no problems accessing the shares within my LAN, however I am unable to access them remotely through OpenVPN, unless I turn off Windows firewall on the Windows 10 machine that contains the shares.
Could someone shed some light on what the problem might be?
Cheers
CLIENT CONFIG:
client
dev tun
proto udp
remote craftyclown.ddns.net 1196
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
float
SERVER CONFIG:
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.0 255.255.255.0
dev tun2
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
verb 5
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
So I've discovered that allowing the netlogon service through the Windows firewall on the destination machine, allows me to see my shares remotely.
Is this a massive security risk?
Still unsure exactly why I'm having this problem. As previously explained, all my Freenas CIF shares work flawlessly, it's just these Windows 10 shares that need a workaround
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
Still trying to troubleshoot this myself, but having absolutely no joy
This particular Windows 10 machine with the shares I need to access, can't even be pinged via OpenVPN
Local network connections work fine, as does the aforementioned allowing of the netlogon service through the Windows 10 machine's firewall
I'm totally baffled here and would really appreciate some pointers to help get to the bottom of it.
Cheers
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Sep 05, 2014 4:02 pm
Re: How to access windows shares via OpenVPN
CraftyClown wrote: appreciate some pointers
CraftyClown wrote: I have no problems accessing the shares within my LAN, however I am unable to access them remotely through OpenVPN, unless I turn off Windows firewall on the Windows 10 machine that contains the shares
You want to learn about windows 10 firewall ?
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
int3nt wrote:
CraftyClown wrote: appreciate some pointers
CraftyClown wrote: I have no problems accessing the shares within my LAN, however I am unable to access them remotely through OpenVPN, unless I turn off Windows firewall on the Windows 10 machine that contains the shares
You want to learn about windows 10 firewall ?

Well I'm glad my ignorance has entertained you
I just want to understand why this Firewall issue is only present when accessing the shares via OpenVPN and whether there is an adjustment I can maybe make server side to prevent it?
As I mentioned before, my setup has worked fine for the past couple of years when my shares were on a Freenas box, but now I need to access a Windows box I'm struggling.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Fri Sep 05, 2014 4:02 pm
Re: How to access windows shares via OpenVPN
Who said "ignorance" ..
You have pointed out exactly where the problem is .. Windows 10 Firewall ..
Just allow the packets from your VPN in your firewall .. or use NAT at your vpn server.
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
int3nt wrote:Who said "ignorance" ..
You have pointed out exactly where the problem is .. Windows 10 Firewall ..
Just allow the packets from your VPN in your firewall .. or use NAT at your vpn server.
Ha ha, I said ignorance, because when it comes to this vpn business I'm a bit clueless
Could you explain what you mean by "Just allow the packets from your VPN in your firewall .. or use NAT at your vpn server"?
Thanks for your time
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to access windows shares via OpenVPN
CraftyClown wrote: I just want to understand why this Firewall issue is only present when accessing the shares via OpenVPN
This is due to the source IP of packets from the VPN not being in the same subnet as the Windows machine.
Probably like this:
- Windows 10 IP subnet : 192.168.0.0/24
- VPN subnet : 10.8.0.0/24
CraftyClown wrote: and whether there is an adjustment I can maybe make server side to prevent it?
You can also use iptables NAT on the server .. documented here:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
TinCanTech wrote:
CraftyClown wrote: I just want to understand why this Firewall issue is only present when accessing the shares via OpenVPN
This is due to the source IP of packets from the VPN not being in the same subnet as the Windows machine.
Probably like this:
- Windows 10 IP subnet : 192.168.0.0/24
- VPN subnet : 10.8.0.0/24
So, Windows firewall blocks these packets .. unless you add a rule to the firewall to allow them.
CraftyClown wrote: and whether there is an adjustment I can maybe make server side to prevent it?
You can also use iptables NAT on the server .. documented here:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

Thanks TinCanTech,
That certainly makes sense.
I looked at the link you provided and added this line to the OpenVPN config: push "redirect-gateway def1"
Not sure if I understood that right though, as it has made no difference
Alternatively, what would I need to do to the Windows Firewall, to allow the packets that way?
Apologies if these are stupid questions
Thanks again
Rich
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
Ok, scratch that, worked it out via Windows Firewall.
To help anyone else who is as clueless as I and comes across this thread then the solution was to do the following.
1. Control panel
2. Windows Firewall
3. Advanced settings
4. Inbound rules
5. File and Printer sharing (SMB in)
6. Scope
7. Remote IP address (add)
8. Add subnet to the top box (which was in my case: 10.8.0.0/24)
Thanks for the help Int3nt and especially TinCanTech
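The same scope change as the GUI steps in the post above, scripted in PowerShell. This is an added example, not part of the original post. It assumes the built-in rule carries the English display name "File and Printer Sharing (SMB-In)" and uses the 10.8.0.0/24 VPN subnet from the server config in this thread.

```powershell
# Added example: scripted form of the GUI steps in the post above.
# Run in an elevated PowerShell session on the Windows 10 machine hosting the shares.
$VpnSubnet   = '10.8.0.0/24'                         # from "server 10.8.0.0 255.255.255.0"
$DisplayName = 'File and Printer Sharing (SMB-In)'   # built-in inbound rule for TCP 445 (assumed English name)

# The address filter may report a subnet in mask notation, so accept both forms.
$Equivalent = @($VpnSubnet, '10.8.0.0/255.255.255.0')

foreach ($rule in Get-NetFirewallRule -DisplayName $DisplayName) {
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

    if ($current -contains 'Any') {
        # Scope is already unrestricted; adding a subnet would change nothing.
        Write-Host "$($rule.Name): remote scope is Any, left unchanged"
        continue
    }
    if ($current | Where-Object { $Equivalent -contains $_ }) {
        Write-Host "$($rule.Name): VPN subnet already in scope"
        continue
    }

    # Keep the existing entries (typically LocalSubnet) and append only the VPN subnet,
    # so the firewall stays on and SMB is opened to no other remote networks.
    $new = $current + $VpnSubnet
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $new
    Write-Host "$($rule.Name): remote scope is now $($new -join ', ')"
}

# Review the result: profile, enabled state and remote scope for each matching rule.
Get-NetFirewallRule -DisplayName $DisplayName | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        Profile       = $_.Profile
        Enabled       = $_.Enabled
        RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress) -join ', '
    }
} | Format-Table -AutoSize
```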
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to access windows shares via OpenVPN
Thanks for sharing your solution
-
- OpenVPN Power User
- Posts: 69
- Joined: Sat Nov 01, 2014 9:55 am
Re: How to access windows shares via OpenVPN
TinCanTech wrote: Thanks for sharing your solution
No problem. I hope it helps someone else out.
Just out of interest, do you know where I was going wrong at the OpenVPN side? I tried: push "redirect-gateway def1"
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: [Solved] How to access windows shares via OpenVPN
You were not doing anything wrong with openvpn ..
That link to the HOWTO shows how to use iptables NAT on your server.
--redirect-gateway will send all your client data over the VPN, which you need to decide if you need or not.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Oct 11, 2016 7:39 am
Re: [Solved] How to access windows shares via OpenVPN
Hi,
and sorry not to be able to contribute to the discussion but only recently I set up my pfsense router and my OpenVPN connection.
CraftyClown wrote: Ok, so for the past couple of years I have been successfully using OpenVPN to access SMB shares on my Freenas server.
And unlike the OP I have a problem accessing my SMB shares. Without hijacking your thread could you please point me to a direction to find some help as googling gets me nowhere? [lie - I have found this by googling]
Thanks
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: [Solved] How to access windows shares via OpenVPN
robag wrote: could you please point me to a direction to find some help
Please see:
viewtopic.php?f=30&t=22603