NethServer release 7.9.2009 (final) Module: File Server, AD
Good day,
I am currently having problems connecting to Nethserver file server while connected to Pfsense OpenVPN. I can access all the other devices connected to the network via the VPN, except the Nethserver samba shares. I have also added the VPN subnet inside the trusted network and it does not work. The rules in the Pfsense do allow OpenVPN to access all the networks. The IP tunnel network for the VPN is 192.168.70.0/24 and the internal network is 192.168.0.0/24. The Nethserver is on its own server and has a red and green network on it. All users can access their shares while on the internal network but it does not work when the Pfsense VPN is enabled on their PC. Not sure what I am missing. The end goal is to have remote users connect to their shares using Pfsense VPN. Any assistance will be greatly appreciated.
I do know PFSense, although I only use OPNsense, however: PFSense does NOT make VPNs, they use either IPsec, OpenVPN or Wireguard… There is no such thing as a “PFsense VPN”…
Are you talking about a site2site or a RoadWarrior VPN (I’m thinking a road warrior…)?
You also provide no information where to where, where are the users using VPN? (LAN or WAN?)…
What client are you using for VPN?
Too many questions…
Maybe start by providing some basic concrete infos about your network setup…
AFAIK, NethServer's OpenVPN implementation via GUI does not support several “LANs” to be reached… OpenVPN can do it, but needs tweaking…
Apologies, I am currently using the OpenVPN from Pfsense (no IPsec at the moment), and I am using my PC to connect to the LAN network from my house using OpenVPN community edition. The LAN network is 192.168.0.0/24 and the Nethserver green is on 192.168.0.3/24. I am able to ping the entire network but not the Nethserver. This is the config file from the Pfsense OpenVPN.
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx 1194 tcp4
nobind
auth-user-pass
remote-cert-tls server
So what I did was use the OpenVPN wizard from Pfsense to create the server, and afterwards I used the OpenVPN client on my PC to connect to the network. Not sure if that clears it up.
From the ISP modem I have a Pfsense firewall that controls the network. Inside the network I have a Nethserver that is the DC that controls the shares and users for the entire network and servers. I am using the Pfsense OpenVPN to remotely connect to the shares.
That explains a lot, why not right from the beginning?
On your PFsense, you need to set the NethServer (It’s AD…!) as your DNS Server for the OpenVPN connection. Also set the domain (AD) as default domain…
Without that, the Samba (Kerberos) part of authentication will fail and you can’t access your shares…
To be on the safe side, you can use the NethServer and AD IPs as the two DNS servers.
Have an entry in NethServer's DNS pointing to itself, and a separate entry for your AD!
Apologies once again, my DC name is ad.statistics.org and in the Pfsense I have the domain name configured in it. To note, I am not able to reach the Nethserver on the Pfsense OpenVPN.
I am not able to reach any of those using Nethserver IP 192.168.0.3. The DC IP is 192.168.0.4, do I need to use the 192.168.0.3 as the DNS or the DC IP 192.168.0.4?
Yes, I am using Fail2Ban and I have checked that the IP is not blocked. To note, Nethserver has its own red network and Pfsense is not controlling the NAT for it. The Pfsense IP is xxx.xxx.xxx.214 and both Pfsense and Nethserver are using the ISP gateway, which is xxx.xxx.xxx.209.
That’s why this is not working. If your PFsense does your OpenVPN, your Nethserver must use that as gateway!
You could provide such critical information right from the beginning.
My mind reading capabilities are rather rudimentary, and long distance and foreign languages don’t make things easier (Joke !!!)
Easiest would be to set up your OpenVPN on NethServer, using its own RED WAN connection. You do need a route on your PFsense pointing to the OpenVPN network (192.168.70.0/24 if I’m correct) and using the NethServer's LAN IP as gateway.
Remove the entire OpenVPN setting from your PFsense!
I have tested the OpenVPN RoadWarrior on the Nethserver and it works fine, but I cannot reach the other servers on the networks. The idea was to have one OpenVPN to be able to reach the entire networks along with its servers. Also, I am working on creating different VLANs on the Pfsense for each department. I do not know if I will be able to reach the Nethserver shares from the VLANs, being that they are not on the same gateway.
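The return-path problem discussed in this thread, modelled as a longest-prefix route lookup. This is an added example, not part of any post and not NethServer or pfSense code. Assumptions: the pfSense LAN IP 192.168.0.1, the client tunnel address 192.168.70.2 and the ISP gateway 203.0.113.209 are constructed placeholders, and a static route on NethServer for the tunnel network is shown as a narrower alternative to changing its default gateway.

```python
import ipaddress

# Addresses from the thread; the rest are constructed placeholders.
VPN_NET = "192.168.70.0/24"      # OpenVPN tunnel network (from the thread)
NETHSERVER_LAN = "192.168.0.3"   # NethServer green IP (from the thread)
VPN_CLIENT = "192.168.70.2"      # constructed client address in the tunnel network
PFSENSE_LAN = "192.168.0.1"      # assumed pfSense LAN IP (not given in the thread)
ISP_GW = "203.0.113.209"         # placeholder for the masked ISP gateway

def next_hop(routes, dst):
    """Longest-prefix match over (network, interface, gateway) routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, gw)
               for net, iface, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw

# NethServer as described: green LAN plus its own red uplink as default route.
NETHSERVER = [("192.168.0.0/24", "green", None), ("0.0.0.0/0", "red", ISP_GW)]
# pfSense as described: LAN plus WAN default route to the same ISP gateway.
PFSENSE = [("192.168.0.0/24", "lan", None), ("0.0.0.0/0", "wan", ISP_GW)]

def reply_path(routes, extra_route=None):
    """Where a reply to the VPN client leaves, optionally with one added route."""
    table = routes + ([extra_route] if extra_route else [])
    return next_hop(table, VPN_CLIENT)

if __name__ == "__main__":
    # OpenVPN on pfSense: the request reaches NethServer on green,
    # but the reply follows the default route out of red.
    print("NethServer, no route :", reply_path(NETHSERVER))
    print("NethServer, VPN route:",
          reply_path(NETHSERVER, (VPN_NET, "green", PFSENSE_LAN)))
    # OpenVPN on NethServer: LAN hosts reply via pfSense, which needs a
    # route for the tunnel network pointing at NethServer's LAN IP.
    print("pfSense, no route    :", reply_path(PFSENSE))
    print("pfSense, VPN route   :",
          reply_path(PFSENSE, (VPN_NET, "lan", NETHSERVER_LAN)))
```

In both layouts the reply to a 192.168.70.0/24 address follows the default route to the ISP gateway until the box that does not terminate the VPN has a route for the tunnel network pointing at the one that does.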