Samba is inaccessible from VPN

It was ME :slight_smile:

@giacomo as for Samba, it is a known issue with the TUN interface that Samba cannot bind to it, but on TAP it should bind. Maybe some port forward or port tunnel from the VPN can be a workaround. It should be tested.

Hi @stephdl, maybe you have some thoughts regarding this?

A workaround could be IP forwarding:

iptables -t nat -A POSTROUTING -s <your.vpn.network.0>/24 -o <ethX> -j MASQUERADE
service iptables save

in /etc/sysctl.conf add:

net.ipv4.ip_forward = 1 

apply sysctl:

sysctl -p

(in the case of @Nas <your.vpn.network.0> = 10.10.1.0)

The samba share should be found at

\\<static ip server>\<share>

As we use Shorewall, it can be done through the masq file :slight_smile: But it could cause other issues with other services :slight_smile:

Still have to read into Shorewall… (and Nethserver/CentOS as a matter of fact);

How about this?

Sorry @Nas not enough time to play at the minute, I’m changing my main server (aubrac-medical.fr) and reconfiguring my build machine for el7.

@stephdl it is not a matter of minutes, but we should do some research regarding this.

Off topic, but aubrac-medical.fr is like a good friend that I’m leaving after an adventure of six years around free software (smeserver, stephdl, nethserver, archlinux repositories) and a lot of (old) scripts everywhere. Today I’m a bit sad :smile:

But the new server is a monster (compared to the old one) -> https://www.soyoustart.com/fr/offres/e3-sat-3.xml

Yep, Xeon + DDR3 = Rocket

Could you show how this can be done through shorewall? I am just familiar with iptables and I would like to check this workaround.

Sorry, I’m in a hurry… but I want to report my configuration:
FW/GW with openvpn server - multiple green - ns6.7
mail/file server - ns6.7
other file server: qnap
my desktop os: fedora23

I can connect with openvpn and mount shares on the qnap and on the file server on ns6.7 (after adding my ovpn network to the trusted networks).
No special config added, if I remember correctly…

How can I reproduce the bug? What is your config?

Hi @craaaft
You can add to the masq file the source tapX and the destination internal LAN interface ethX

vi /etc/shorewall/masq
eth0  tap0

and run

service shorewall restart

Thanks! It worked. I did it with tun0. Are there any disadvantages to this method? I understand that the network tunnel address is just translated into the local network address.

I think that this is a workaround going against the idea that VPN traffic should retain original IP addresses.
You’re hiding all IP addresses connected through the VPN.
I’d prefer to discover why samba doesn’t answer requests from the VPN and fix the samba configuration.

I am using a Windows 7 client that connects through OpenVPN to Nethserver. The Nethserver is behind a router (port 1194 is open). The VPN (routed mode) is established without a problem, but when I try to mount the shared folder I get the connection build-up message, and after a while it shows an error.

I didn’t change any of the config files - I just added the networks to the hosts and interfaces lines in smb.conf.

If you need more information, don’t hesitate to ask.

Try to make Bridged mode VPN.

One month ago I tried to make samba work. Unfortunately, Samba did not work on TUN nor on TAP.
I tried to remove

bind interfaces only = yes

with adding my local and VPN networks. :frowning:

After @craaaft asked about the same thing, I found a samba TAP library on Git.
Maybe the Samba package should be rebuilt with this library.

Rebuilding our own rpms is not an option
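
The smb.conf settings named in this thread (hosts allow, interfaces, bind interfaces only) can be checked against a VPN client address without masquerading anything. The following is an added example, not code from any poster or from NethServer: the sample smb.conf, the function names and the client address 10.10.1.6 are constructed, and only CIDR, net/netmask and trailing-dot prefix entries are handled (hostnames and EXCEPT are not).

```python
import ipaddress
from fnmatch import fnmatch

# Constructed sample smb.conf, not taken from the thread.
SMB_CONF = """
[global]
    workgroup = WORKGROUP
    interfaces = lo eth0 192.168.1.1/24
    bind interfaces only = yes
    hosts allow = 127. 192.168.1.0/24
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def entry_matches(entry, addr):
    """Match one hosts allow entry: CIDR, net/netmask, or a '10.10.' prefix."""
    if entry.endswith("."):
        return str(addr).startswith(entry)
    try:
        return addr in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # hostnames and EXCEPT clauses are out of scope here

def diagnose(text, client_ip, vpn_iface):
    """List reasons smbd would not serve client_ip arriving on vpn_iface."""
    p = global_params(text)
    addr = ipaddress.ip_address(client_ip)
    findings = []
    allow = p.get("hosts allow", "").replace(",", " ").split()
    if allow and not any(entry_matches(e, addr) for e in allow):
        findings.append("hosts allow does not cover " + client_ip)
    bind_only = p.get("bind interfaces only", "no").lower() in ("yes", "true", "1")
    names = p.get("interfaces", "").split()
    if bind_only and not any(fnmatch(vpn_iface, n) for n in names):
        findings.append(vpn_iface + " is not listed in interfaces")
    return findings
```

Calling `diagnose(SMB_CONF, "10.10.1.6", "tun0")` on the sample reports both gaps; the interface check compares names and wildcards only, so an `interfaces` entry given as an IP/mask is not matched against the VPN interface's address.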