[Solved] Connecting to a Samba share over OpenVPN

fhortner
DD-WRT Novice


Joined: 05 May 2020
Posts: 5

Posted: Thu May 07, 2020 8:15    Post subject: [Solved] Connecting to a Samba share over OpenVPN
Hi all,

I had some struggle to set up an OpenVPN server, but finally I got it working, thanks to egc's guide. Thanks @egc!

I also set up a Samba share via the Web GUI which works perfectly fine within my home network.

But what does not work is to access the Samba share via the OpenVPN client.

I "startpaged" :D (not google but startpage.com) around, searched a lot in the forum for already 4 days, but so far I have not found any answer.

The only thing I found was this:
https://openvpn.net/community-resources/connecting-to-a-samba-share-over-openvpn/

So I copied smb.conf from /tmp/smb.conf to /jffs/etc/smb.conf and added those lines. But with this, I can not even access the samba share from within my home network anymore, so I deleted /jffs/etc/smb.conf again.

I never thought that accessing an SMB share from the VPN would be so difficult, also because it worked with my previous firmware (AsusWRT).

Thanks for your support :)

Network
Router: 192.168.1.1
Homenetwork: 192.168.1.0/24
OpenVPN server running on 192.168.1.1
Samba Server running on 192.168.1.1
OpenVPN Client network: 10.8.0.0
OpenVPN client software for Android and Linux

Firmware: DD-WRT v3.0-r43028 std (04/29/20)
Router: Netgear R7000
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Thu May 07, 2020 9:52
Glad to hear that you got the OpenVPN server working.

The problem is the new in-kernel Samba, which is not always doing what we want :( (I must confess I went back to the old Samba36)

Not all SMB apps appear to work (yet).

But indeed the hosts allow is reported to do the trick; why it is not working for you, sadly, I do not know.

From the latest OpenVPN Troubleshooting guide: https://forum.dd-wrt.com/phpBB2/download.php?id=43221
Quote:
Routers NAS not reachable on newer builds with ksmbd
When you want to access the routers NAS via internet with an app like andSMB it appears you have to change the hosts allow in tmp/smb.conf to include the VPN subnet (10.8.0.0/24): hosts allow = 10.8.0.0/24.
You can copy tmp/smb.conf to /jffs/etc/ if you have permanent/usb storage so that it will be read from there (since build 42693).

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
fhortner
DD-WRT Novice


Joined: 05 May 2020
Posts: 5

Posted: Sat May 09, 2020 10:17
Thanks @egc

It would be interesting, if anyone else has the same problem. If so, it looks like a bug. If not it is a configuration issue.

Has anyone else the same problem?
If so, I would suggest to open a bug report.

For your Troubleshooting guide:
funny you, adding the issue to your guide, after I posted the issue with what I found as solution - and then quoting your guide as a solution ;)
But sure, if the guide is helpful for anyone else, in case it is not a bug.

Thanks for your reply :)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Sat May 09, 2020 10:29
It was already reported earlier:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323849&highlight=hosts+allow

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324490&highlight=hosts+allow (tenth post)

A little googling and you could have found it yourself

Also already in the Wireguard setup guide

fhortner
DD-WRT Novice


Joined: 05 May 2020
Posts: 5

Posted: Sat May 09, 2020 12:00
As stated in the first post, I do not use Google, so I do not google, I startpage :P

Joke aside, I already found those posts via the forum search earlier. No worries, I do not doubt your experience and expertise. It was just curious for me to see your quote for a solution that I already stated does not work ;)

As I said, it is not about the configuration, because it does not work as expected
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Tue May 12, 2020 11:37
fhortner wrote:
Thanks @egc

It would be interesting, if anyone else has the same problem. If so, it looks like a bug. If not it is a configuration issue.

Has anyone else the same problem?
If so, I would suggest to open a bug report.

For your Troubleshooting guide:
funny you, adding the issue to your guide, after I posted the issue with what I found as solution - and then quoting your guide as a solution ;)
But sure, if the guide is helpful for anyone else, in case it is not a bug.

Thanks for your reply :)


I also have problems reaching smb through a Wireguard tunnel. Simply doesn't work. Have tried with both Mac and Windows clients. Smb at the router has the 'allow hosts' line but no success. Access to a Synology NAS (also smb) works fine.

_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
grc
DD-WRT User


Joined: 11 Jul 2018
Posts: 122

Posted: Tue May 12, 2020 15:17
user Failure404 helped me to get this working

1. configure smb as desired
2. copy smb.conf and smb.db to /jffs/etc
3. add "hosts allow =" and "interfaces =" to /jffs/etc/smb.conf

for example i have ovpn server on 10.8.0.0 tun2, i added:

hosts allow = 127.0.0.1 10.8.0.
interfaces = br0 tun2
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Tue May 12, 2020 17:21
grc wrote:
user Failure404 helped me to get this working

1. configure smb as desired
2. copy smb.conf and smb.db to /jffs/etc
3. add "hosts allow =" and "interfaces =" to /jffs/etc/smb.conf

for example i have ovpn server on 10.8.0.0 tun2, i added:

hosts allow = 127.0.0.1 10.8.0.
interfaces = br0 tun2

Will try to add ”interfaces” and see how that turns out. Thanks for the pointer.

EDIT: Tried adding the interfaces line, broke samba in my case.

fhortner
DD-WRT Novice


Joined: 05 May 2020
Posts: 5

Posted: Thu May 14, 2020 6:36
grc wrote:
user Failure404 helped me to get this working

1. configure smb as desired
2. copy smb.conf and smb.db to /jffs/etc
3. add "hosts allow =" and "interfaces =" to /jffs/etc/smb.conf

for example i have ovpn server on 10.8.0.0 tun2, i added:

hosts allow = 127.0.0.1 10.8.0.
interfaces = br0 tun2


As stated in the first post, this breaks SMB completely. It may work for non kernel based SMB, but with the current dd-wrt releases this is standard. So far it looks like this is a bug of dd-wrt and needs to be fixed.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Fri May 15, 2020 13:47
I still get connection refused but it does not break it.
I tried with anonymous, user root, and with an added user but still connection refused :(

It seems it is also running on my WAN interface as can be seen with ps

One tip: you can stop and start it with:
stopservice samba3
startservice samba3

When I have more time I will research further

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Fri May 15, 2020 14:01
I got it running using andSMB but had to choose SMBv1 in andSMB

Furthermore I specified also my router's subnet (192.168.5.0/24) but not sure if that is necessary

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Fri May 15, 2020 14:21
Routers NAS not reachable on newer builds with ksmbd

When you want to access the routers NAS via internet with an app like andSMB it appears you have to change the hosts allow in tmp/smb.conf to include the VPN subnet (10.8.0.0/24):
hosts allow = 10.8.0.0/24 (some say to also include the local host 127.0.0.1)
And add the interface of the VPN:
interfaces = br0, tun2 ( maybe also WAN interface eth0 or vlan2, those seem to be running by default (see ps))

You can copy tmp/smb.conf and smb.db to /jffs/etc/ if you have permanent/usb storage so that it will be read from there (since build 42693).

Use stopservice samba3, startservice samba3, to stop and start.

I got it working with andSMB but I had to choose SMB v1 in andSMB.

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Fri May 15, 2020 20:34
egc wrote:
Routers NAS not reachable on newer builds with ksmbd

When you want to access the routers NAS via internet with an app like andSMB it appears you have to change the hosts allow in tmp/smb.conf to include the VPN subnet (10.8.0.0/24):
hosts allow = 10.8.0.0/24 (some say to also include the local host 127.0.0.1)
And add the interface of the VPN:
interfaces = br0, tun2 ( maybe also WAN interface eth0 or vlan2, those seem to be running by default (see ps))

You can copy tmp/smb.conf and smb.db to /jffs/etc/ if you have permanent/usb storage so that it will be read from there (since build 42693).

Use stopservice samba3, startservice samba3, to stop and start.

I got it working with andSMB but I had to choose SMB v1 in andSMB.


Are you using the built-in samba or a custom one from Entware?
I'll try to add the VPN subnet in the 'hosts allow' statement and see if it helps.
I tried to add the 'interfaces=bro eot1' to my Wireguard setup but that crashed samba

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Sat May 16, 2020 7:38
wabe wrote:
egc wrote:
Routers NAS not reachable on newer builds with ksmbd

When you want to access the routers NAS via internet with an app like andSMB it appears you have to change the hosts allow in tmp/smb.conf to include the VPN subnet (10.8.0.0/24):
hosts allow = 10.8.0.0/24 (some say to also include the local host 127.0.0.1)
And add the interface of the VPN:
interfaces = br0, tun2 ( maybe also WAN interface eth0 or vlan2, those seem to be running by default (see ps))

You can copy tmp/smb.conf and smb.db to /jffs/etc/ if you have permanent/usb storage so that it will be read from there (since build 42693).

Use stopservice samba3, startservice samba3, to stop and start.

I got it working with andSMB but I had to choose SMB v1 in andSMB.


Are you using the built-in samba or a custom one from Entware?
I'll try to add the VPN subnet in the 'hosts allow' statement and see if it helps.
I tried to add the 'interfaces=bro eot1' to my Wireguard setup but that crashed samba


I am using a build with the in kernel samba so basically what DDWRT is using in the recent builds.
I have copied the smb.conf and smb.db to /jffs/etc and those are used (I was afraid the USB stick would boot too slowly, but it seems to work; otherwise add this to startup):
sleep 20 && stopservice samba3 && startservice samba3

This is my /jffs/etc/smb.conf (using WireGuard, I use the second tunnel to connect to from outside with my Android phone and andSMB, the first tunnel is with PBR to my VPN provider)
Code:
root@R7800-2:~# cat /jffs/etc/smb.conf
[global]
log level = 1
netbios name = R7800-2
server string = R7800s
syslog = 10
encrypt passwords = true
preferred master = yes
use sendfile = yes
aio read size = 2048
aio write size = 2048
large readwrite = yes
security = user
mangled names = no
max stat cache size = 64
workgroup = home
bind interfaces only = yes
guest account = nobody
map to guest = Bad User
smb passwd file = /var/samba/smbpasswd
private dir = /var/samba
passdb backend = smbpasswd
log file = /var/smbd.log
max log size = 1000
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=262144 SO_RCVBUF=262144
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65536
dead time = 15
getwd cache = yes
lpq cache time = 30
min protocol = SMB2_10
max protocol = SMB3_11
printing = none
load printers = No
usershare allow guests = Yes
smb3 encryption = no
hosts allow = 10.4.0.0/24
interfaces = br0, oet2

[jffs]
comment = jffs
path = /jffs/
read only = no
guest ok = yes

force user = root
[opt]
comment = opt
path = /opt/
read only = no
guest ok = yes

force user = root


This morning I checked again and it was not working; after stopservice samba3 && startservice samba3 it was working again. The router has been idle all night, so I am not sure what is going on; at least ksmbd is a WIP and we have to tweak some more settings?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
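
The two settings this thread converges on (`hosts allow` covering the VPN subnet, `interfaces` listing the tunnel interface) can be checked mechanically before restarting the service. The script below is an added example, not code from any poster or from DD-WRT; the function name `audit_smb_conf`, the assumption that the VPN network is a /24, and the embedded sample config are constructed for illustration. It also flags two exposure points visible in the configs posted above: an SMB listener bound to the WAN interface and guest-writable shares with `force user = root`.

```shell
#!/bin/sh
# Added example (not from the thread): audit an smb.conf for the settings discussed above.
# usage: audit_smb_conf FILE VPN_NET TUN_IF [WAN_IF]   (VPN_NET is assumed to be a /24)
audit_smb_conf() {
  awk -v net="$2" -v tun="$3" -v wan="${4:-}" '
    function trim(x) { gsub(/^[ \t]+|[ \t]+$/, "", x); return x }
    # has(): is there a list token equal to item, or (pre=1) starting with item?
    function has(list, item, pre,   a, n, i) {
      n = split(list, a, /[ ,\t]+/)
      for (i = 1; i <= n; i++)
        if ((pre ? (index(a[i], item) == 1) : (a[i] == item))) return 1
      return 0
    }
    function end_share() {            # report on the share section just finished
      if (sec != "" && sec != "global" && share["guest ok"] == "yes" &&
          share["read only"] == "no" && share["force user"] == "root")
        print "WARN [" sec "] guest-writable with force user = root"
      split("", share)                # portable way to clear the array
    }
    /^[ \t]*([#;]|$)/ { next }        # comments and blank lines
    /^[ \t]*\[/ { end_share(); sec = trim($0); sec = substr(sec, 2, length(sec) - 2); next }
    {
      eq = index($0, "="); if (!eq) next
      key = tolower(trim(substr($0, 1, eq - 1))); val = trim(substr($0, eq + 1))
      if (sec == "global") glob[key] = val; else share[key] = tolower(val)
    }
    END {
      end_share()
      prefix = net; sub(/[0-9]+$/, "", prefix)        # 10.8.0.0 -> 10.8.0.
      if (!("hosts allow" in glob)) print "WARN hosts allow unset: no source restriction"
      else if (!has(glob["hosts allow"], prefix, 1)) print "FAIL hosts allow lacks " prefix
      if (!("interfaces" in glob)) print "WARN interfaces unset"
      else {
        if (!has(glob["interfaces"], tun, 0)) print "FAIL interfaces lacks " tun
        if (wan != "" && has(glob["interfaces"], wan, 0)) print "WARN interfaces includes WAN " wan
      }
    }
  ' "$1"
}
# With three or more arguments audit that file; otherwise audit a constructed sample.
if [ $# -ge 3 ]; then audit_smb_conf "$@"; else audit_smb_conf - 10.8.0.0 tun2 vlan2 <<'EOF'
[global]
hosts allow = 127.0.0.1 192.168.1.
interfaces = br0, vlan2
[jffs]
read only = no
guest ok = yes
force user = root
EOF
fi
```

On the router this would be run as `sh audit.sh /jffs/etc/smb.conf 10.8.0.0 tun2 vlan2` (the script file name is hypothetical); no output means none of the checks fired.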