Unavailability of smb sharing via vpn (L2TP / ipsec)

Does your setup include the AD container?

I verified your assumption by disabling the firewall and testing access to the smb share (… /bin/systemctl stop shorewall.service). Result: Samba does not respond to a client connected to an L2TP VPN. I still don’t understand the reason.
Ping from nethserver to the VPN client’s IP responds, ping from client to nethserver responds. Other services on the nethserver (e.g. apache, web admin) respond. If the problem, as you mention, is in a poorly designed VPN topology (although it’s not ideal and you have better concepts), then why is everything else properly routed between the client and the services, with valid answers? Why does NAS sharing, WS2012, work, while samba / nethserver doesn’t respond?

… I’m just looking for an explanation or an idea of how to set up samba.

Yes, there is an AD controller on the nethserver.
It probably won’t have anything to do with it. Everything in the LAN works. The L2TP VPN connection client does not receive an auth request from the nethserver.

Did you already try to connect to a guest share on Nethserver by IP instead of name to exclude DNS or ACL issues?

Are the samba ports (139, 445) on Neth reachable?


You may try to connect with smbclient on Linux to get more information about what’s not working. I’m not a Mac user but there’s smbutil.

Can you add a static MAC-IP association on your Router?

I always connect to the server share via ip (local) -
Thanks for the idea to scan the ports. Unfortunately, Mac OS does not come with nmap. I’ll probably try to run a VPN L2TP / ipsec client on a Linux desktop, where there will be more networking tools …


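The reachability check for ports 139 and 445 asked about in the thread can be done from the VPN client without nmap. The following is an added example, not part of any post above; it assumes `python3` is available on the client, and the server address is passed as the first argument. It separates a refused connection from a silent timeout, which narrows down whether the server answers at all on those ports.

```python
import socket
import sys

SMB_PORTS = (139, 445)  # the two Samba ports asked about in the thread

# What each probe result says about the path between client and server.
HINTS = {
    "open": "TCP handshake completed; look at SMB negotiation or auth next",
    "refused": "host answered with a reset; nothing accepts on this address/port",
    "timeout": "no answer at all; packets are dropped somewhere on the path",
    "error": "local network error, e.g. no route to host",
}

def probe(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'refused', 'timeout' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"
    finally:
        sock.close()

def check_smb(host, ports=SMB_PORTS, timeout=3.0):
    """Probe every port and return a {port: state} mapping."""
    return {port: probe(host, port, timeout) for port in ports}

def main(argv):
    if len(argv) != 2:
        print("usage: smbcheck.py <server-ip>")
        return 2
    results = check_smb(argv[1])
    for port, state in results.items():
        print(f"{argv[1]}:{port} {state}: {HINTS[state]}")
    # Exit code 0 only when every probed port accepted the connection.
    return 0 if all(s == "open" for s in results.values()) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it once from a LAN client and once over the VPN, against the same server IP, shows whether the two paths differ at the TCP level.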