OpenVPN Question

I wanted to configure a OpenVPN Connection to our Nethserver. When I select Routed Mode I have to enter a network and a netmask. Should this be the intern network at the location or a own network which is used just by the VPN? The goal is to setup the server as a file-server and allow extern users to access just the file server with their account.

Also is there anything else I should configure besides port forwarding on the router? I guess there shouldn’t be any static routes on the server itself?

Thanks for any help!

Hi @craaaft

Please keep in mind that when you setup Routed VPN you should input VPN network that would not cover any internal network of your clients.
So it can be

All routes will come through your VPN.

Ok, so the VPN tunnel itself has its own IP-Address range right?

Yes you are right.

Ok, thanks it worked fine - the vpn tunnel is up. Now I have the problem that I can’t ping the server and/or add a network drive from roadwarrior client. The server tunnel ip is The Client is I guess I have to open other ports on the router which would allow me to do these things. If yes which ports do I need for adding the samba shares as network drives on the Client?

Have you run OpenVPN client as “root” or “Administrator”?

Unfortunately, SAMBA is not working over VPN, it is a known Issue.

Yes now it works.

Really? Is there a workaround to that? This is something I really need - a file server I can access through VPN.

You can try to reach samba resources, maybe somth was changed.

But when i try, it did not work.

Sambas known bug with tun devices , but on tap device i cannot reach samba resources too , maybe my Win7 cause the issue.
So make VPN bridged and try it :wink:

Do I have to create the Bridge Interface myself, because when trying to configure there is no Bridge to select from the Dropdown menu. Also the IP range could be right?

In Bridge mode ip Range should be the same as on Server local interface, and before creating Bridged VPN you should create bridge interface on the Network page.

Did you tried accessing the shares using the ip like
\\myshare ? I’m pretty sure its nmb related issue.

:wink: tanks, but i use only ip


For my plannings with nethserver, getting samba to work via tun interface was priority.

After some hours spending it works.

You need to change the samba config file like this:

# Only bind to allowed NIC's
bind interfaces only = no
interfaces = "extern"/22
hosts allow = 10.1.1. "extern"/

where is my openvpn tun0 network
"extern" my network to outside

Moving Windows 10 Client into ns domain is still not working, but that’s a huge step.

Ehi Ruff happy to see you here and thanks for your contribution
@mabeleira @craaaft @Nas could you check @wonderbar info?

Hi, only samba 4 can work on tun/tap devices. Samba 3 can not work on VPN, it is Samba limitation.

1 Like