OpenVPN and Samba

Hi,
I can’t see my samba disks when I’m connected via OpenVPN and (FFS) I cannot find any option in LuCI where to enable it.
Can someone help please? :slight_smile:

Is samba running? ps shows smbd running?
Try to mount them directly? You know the name of your own server?

Samba is OK - I can access my disks when I’m at home. But can’t access them when I’m connected via oVPN.

Hard to help without more info about your setup … or some log output .

If the samba shares are on windows10 and later, check what samba protocol(dialect) is at use?.
5 things to know before troubleshooting SMB performance check the “negotiation” section, so you can pick min/max protocol to ensure you are using compatible ones (server/clients).

Also check the firewall and enable ports : It is old and for SAMBA3, but that stuff for windows10 machine setup should work. Maxmilian's notes on smb.conf and some stuff is still valid even for samba4 :slight_smile:

Also what type of routing are you using for OpenVPN and what protocol (tcp/udp?). Do you have option topology 'subnet' also option client_to_client '1' in your openvpn uci config ?

As for mounting, you can mount any samba directly to your router filesystem or to any lxc container and access via the router (not directly openvpn-client to lan-client).

If you have it mounted directly to Turris and still strugling with access, check if you have correct rights/ownership (from openwrt perspective) as well correct rights/mask (from samba perspective).

Hi, have you been able to solve this issue? I have the same problem. I suspect the problem is that samba listens only on lan interface and not also on the vpn_turris interface. I don’t know how to add the other interface as the “custom” option does not let me specify two interfaces.

I think the better aproach would be to add trafic rule in firewall to allow forwarding from lan to vpn_turris

1 Like

Samba doesn’t listen on vpn interface. I have wireguard and can access to samba with local subnet ip such as:
smb://192.168.1.1

Guessing same way should work with OpenVPN also.

It should work … if you have set (in openvpn config) option client_to_client '1' (which allows vpn users to see each other) and option topology 'subnet' (so users are in same network, not isolated) .
You can do it via traffic rule for sure, but i think that simple zone forwarding should work in general (so next time you add another service to your local lan zone, you do not need to create new traffic rule).

I have it like this and all local services are accessible to vpn users :slight_smile: