Posted: Fri Jun 19, 2020 19:46 Post subject: USB NAS not accessible via openvpn or pptp
Hi All,
I have R7000 router which I recently upgraded the firmware to DD-WRT v3.0-r43392 std (06/12/20) from an earlier DD WRT build. After the upgrade, everything worked fine, but the USB drive that I connected to the router via NAS now can only be accessed from local lan, not by remote computers connected via openvpn or pptp. The Openvpn and pptp clients can connect to the router and they can access other LAN resources (e.g. if I share a windows folder from another local computer), but they just cannot access the USB drive attached to the router unless they are connected directly within the LAN. This used to work fine in the old build, and considering I'm practically using the same setting as the old firmware (including the firewall setting), I wonder what could be causing this to happen.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Fri Jun 19, 2020 19:54 Post subject:
Please refer to the forum rules and guidelines. If a web search of this site or the forum search function has yielded no results to your question, then egc will likely chime in, but I am fairly certain that this topic has been discussed several times in detail in the forum recently, possibly under Advanced Networking. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Posted: Fri Jun 19, 2020 20:01 Post subject: USB NAS not accessible via openvpn or pptp
thanks, I tried some search before positing but didn't see much relevant answers initially...maybe I missed something...let me do a deeper search again
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Fri Jun 19, 2020 20:54 Post subject:
Indeed like @kp69 mentioned it has been discussed.
We have a new in kernel samba which is still a WIP, it is possible to access the routers NAS but it needs "some" work.
For WireGuard and OpenVPN instructions are on page 17 of the WireGuard advanced setup guide and in the OpenVPN troubleshooting guide, links in my signature at the bottom of this post.
Indeed like @kp69 mentioned it has been discussed.
We have a new in kernel samba which is still a WIP, it is possible to access the routers NAS but it needs "some" work.
For WireGuard and OpenVPN instructions are on page 17 of the WireGuard advanced setup guide and in the OpenVPN troubleshooting guide, links in my signature at the bottom of this post.
PPtP needs the same workaround as OpenVPN and Wireguard.
But as it is dynamic you need to restart samba after the interface is.
PPtP is unsafe and I would advise you to use OpenVPN or WireGuard.
There is a recent thread discussing this.
Even with ”some work” I’ve had no success in getting samba to work across a WireGuard tunnel. Still WIP I’m afraid _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Posted: Sun Jun 21, 2020 4:59 Post subject: USB NAS not accessible via openvpn or pptp
tried to use bind interfaces only = no and set interfaces in /tmp/smb.conf, but once the router restarted, the file goes back to original file. so still not working for me.
Is there an older ddwrt build with working wireguard but have the version of samba that would work with vpn?
Posted: Sun Jun 21, 2020 8:53 Post subject: Re: USB NAS not accessible via openvpn or pptp
zelto238 wrote:
tried to use bind interfaces only = no and set interfaces in /tmp/smb.conf, but once the router restarted, the file goes back to original file. so still not working for me.
Is there an older ddwrt build with working wireguard but have the version of samba that would work with vpn?
You cannot customize samba by editing /tmp/smb.conf, the changes does not stick. You may use your own configuration by placing it in the folder /jffs/etc.
You also need to copy the file smb.db to this location.
Follow the directions that egc has written up in his 'advanced setup guide on Wireguard'.
I cannot tell if there is indeed a version containing Wireguard and an older version of Samba.
I suppose you could install samba from the Entware respository and run that instead. Have not tried that though. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sun Jun 21, 2020 9:41 Post subject:
It is like @wabe said, i got it working on build 43420 with the following but ksmbd is a WIP so YMMV (from WireGuard Advanced setup page 17):
Quote:
When you want to access the routers NAS via internet with an app like AndSMB or from a connected Windows client you have to make manual changes to the smb.conf file.
You need permanent storage (jffs), after you have setup USB and NAS, copy /tmp/smb.conf and /tmp/smb.db to /jfss/etc/ , those files will then be used by ksmbd for configuration after the router reboots (or after you restart ksmbd, see below).
In the Global section of smb.conf add all the interface you want ksmbd to listen to.
When no interfaces are specified it seems to default to br0, eth0, vlan2, I am using a WG tunnel oet1 and an OpenVPN server tunnel tun2 and also wanted access from the LAN (br0), so I add:
interfaces = br0, oet1, tun2 (if necessary add WAN interface vlan2, eth0 and other interfaces like br1 etc.)
Some setups also need to set the hosts allow but normally this is not necessary:
hosts allow = 192.168.1.0/24, 10.4.0.0/24, 10.8.0.0/24. (some say to also include the local host 127.0.0.1)
Have a look in the Wireguard advanced setup guide.
If you do not have permanent storage add the folowing in startup (I have not tested it, it is on my list to make a nice script from this but this is the core):
Code:
sed -i "s/\[global\]/\[global\]\ninterfaces = br0, oet1, vlan2, eth0/" /tmp/smb.conf
Just tested again out of curiosity. Did not work on 43420 but I managed to connect to a router running 43471. Used identical smb.conf files including the statement ‘interfaces = br0, oet1’. Build 43420 does not seem to bind the eot1 interface while 43471 does. Checked using ‘ps’’. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Last edited by wabe on Mon Jun 22, 2020 18:57; edited 1 time in total
It was loaded from jffs so that was not the problem. Did stop/start twice and checked with ‘ps’. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Just a misspelling here on the forum I'm afraid. But you made me check _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
I've got in touch with CIFSD developer, and hope this will eventually work for pptp as well, currently pptp-samba does not work without restarting the samba, since pptp uses temporary interfaces