OpenVPN Question

craaaft · February 13, 2016, 12:36pm

I wanted to configure a OpenVPN Connection to our Nethserver. When I select Routed Mode I have to enter a network and a netmask. Should this be the intern network at the location or a own network which is used just by the VPN? The goal is to setup the server as a file-server and allow extern users to access just the file server with their account.

Also is there anything else I should configure besides port forwarding on the router? I guess there shouldn’t be any static routes on the server itself?

Thanks for any help!

Nas · February 13, 2016, 1:34pm

Hi @craaaft

Please keep in mind that when you setup Routed VPN you should input VPN network that would not cover any internal network of your clients.
So it can be 10.255.0.1 255.255.255.0

All routes will come through your VPN.

craaaft · February 13, 2016, 2:23pm

Ok, so the VPN tunnel itself has its own IP-Address range right?

Nas · February 13, 2016, 2:24pm

Yes you are right.

craaaft · February 14, 2016, 10:29am

Ok, thanks it worked fine - the vpn tunnel is up. Now I have the problem that I can’t ping the server and/or add a network drive from roadwarrior client. The server tunnel ip is 10.255.0.1. The Client is 10.255.0.6. I guess I have to open other ports on the router which would allow me to do these things. If yes which ports do I need for adding the samba shares as network drives on the Client?

Nas · February 14, 2016, 10:53am

Have you run OpenVPN client as “root” or “Administrator”?

Unfortunately, SAMBA is not working over VPN, it is a known Issue.

craaaft · February 14, 2016, 11:00am

Yes now it works.

Really? Is there a workaround to that? This is something I really need - a file server I can access through VPN.

Nas · February 14, 2016, 11:15am

You can try to reach samba resources, maybe somth was changed.

But when i try, it did not work.

Sambas known bug with tun devices , but on tap device i cannot reach samba resources too , maybe my Win7 cause the issue.
So make VPN bridged and try it

craaaft · February 14, 2016, 11:54am

Do I have to create the Bridge Interface myself, because when trying to configure there is no Bridge to select from the Dropdown menu. Also the IP range could be 10.255.0.1-10.255.0.10 right?

Nas · February 14, 2016, 12:21pm

In Bridge mode ip Range should be the same as on Server local interface, and before creating Bridged VPN you should create bridge interface on the Network page.

mabeleira · February 18, 2016, 7:11pm

Did you tried accessing the shares using the ip like
\xxx.xxx.xxx.xxx\myshare ? I’m pretty sure its nmb related issue.

Nas · February 18, 2016, 7:16pm

tanks, but i use only ip

wonderbar · June 24, 2016, 10:23pm

Hello!

For my plannings with nethserver, getting samba to work via tun interface was priority.

After some hours spending it works.

You need to change the samba config file like this:

# Only bind to allowed NIC's
bind interfaces only = no
interfaces = 127.0.0.1 "extern"/22 10.1.1.0/24
hosts allow = 127.0.0.1 10.1.1. 192.168.2.0/255.255.255.0 "extern"/255.255.252.0

where 10.1.1.0 is my openvpn tun0 network
"extern" my network to outside

Moving Windows 10 Client into ns domain is still not working, but that’s a huge step.

alefattorini · July 7, 2016, 4:06pm

Ehi Ruff happy to see you here and thanks for your contribution
@mabeleira @craaaft @Nas could you check @wonderbar info?

Nas · July 7, 2016, 9:32pm

Hi, only samba 4 can work on tun/tap devices. Samba 3 can not work on VPN, it is Samba limitation.