Unable to connect to SMB share through OpenVPN

[TheDarkPleco]

Hello,

I have recently set up a NAS using FreeNAS and created an SMB share on it so that I can share files between my home PCs. I have also made a VPN using OpenVPN on my raspberry pi on top of Raspbian Lite. When I connect via my VPN, I can ssh into the NAS and the Pi itself, but I cannot get my computers to see and use the network drive. It treats it as if it is nonexistent. I am wondering what I can do to fix this so that I can access my NAS from a distance using my VPN. I do know a raspberry pi will not work extremely fast in regards to downloading and uploading files, but most of what I will be sending is documents and text files. Any assistance is appreciated!

 

[derekullo]

I have a very similar setup at home using NAS4FREE. (or whatever they want to call it now lol)

When you are at home not using the VPN are you able to see the share?

I'm amazed you were able to get zfs to work or at least boot with only 1 gigabyte of ram.

 

[derekullo]

On my side I setup ftp on my nas4free box which allows me to connect to home using my public IP, Filezilla and credentials.

It isn't encrypted, but it's just music and movies.

What I think you're trying to do is bypass ftp and get a direct link from your faraway place and home.

Are these documents highly personal / financial or just school essays?

 

[TheDarkPleco]

I can see and easily transfer from it when on my home network. Sorry, I meant the VPN was on a raspberry pi, the FreeNAS server is on an old Dell Optiplex. It has 8GB of RAM and 3 2TB disks in RAID 1, or whatever ZFS calls it. The documents are just going to be for school, I don't trust my knowledge of security enough to risk otherwise, but I have been taking security tips from folks. I don't know exactly what FTP is. I know it stands for File Transfer Protocol, but I don't know how it really funcitons. Can I use it with my SMB share?

 

[derekullo]

FYI for my FTP server I use a Dell OptiPlex 790 with 3 - 2 terabyte drives in a zraid1 and 8 gigabytes of ram.
https://www.newegg.com/Product/Product.aspx?Item=9SIA8WV5MN9593

It's only $90 not including the extra 4 gigabytes of ram and real hard drives.

My actual backup server that backs up the FTP server is a xeon with expensive stuff.

 

[derekullo]

Spooky how similar our NAS are lol.

 

[TheDarkPleco]

That is scary similar! But do you happen to know how I can access the share through my VPN? Does Filezilla allow me to access the files from outside my own network?

 

[derekullo]

An SMB share or Server Message Block one version of which was also known as Common Internet File System (CIFS) operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. (Copy pasted from wikipedia)

So an SMB or CIFS share is how you are able to see shares locally. (I am sure the acronym CIFS is on your SMB page somewhere.)

You create the share and everyone on your network has access or is at least presented with a username and password prompt for authentication.

So far so good.

 

[derekullo]

Filezilla is able to use FTP in order to transfer files.

With an FTP server i forward port 21 on my router to 1 computer ... my NAS4FREE FTP server.

So all requests for port 21 go to that computer.

So when I am at work and I tell Filezilla to say hello at My.Public.Ip: port21 it knows exactly which computer on my network to talk to or at least the router forces it to talk to my ftp server.

 

[derekullo]

The above is one way to do it.

The way you are attempting to do it is to force your far away computer onto the same network of your home computer so instead of typing your public IP you could just type your private IP, 192.168.x.x just like you were at your house trying to access it.

The problem you appear to be having is once you are at this step you are unable to see any computers.

Can you ping the private IP address of your Freenas computer while on the VPN?

 

[derekullo]

OpenVPN sounds interesting and I may actually test it after you mentioning it.

But it sounds overly complicated versus FTP for what your intended use is.

(VPN does have its place for when you need strong encryption for transferring important files)

Going the FTP route you only need a router and your Freenas computer.

No OpenVPN on a Raspberry Pi is needed, which by the way all your data would have to flow through.

I can't imagine the speed being very fast, but as you mentioned it is just documents.

My FTP Nas4free server has been going strong without any security issues for about a year and a half.

I'm not saying I would store my tax information on it, but it is plenty safe enough for music and movies.

 

[TheDarkPleco]

I think I will try to use FTP then, it sounds more secure and like it will take less effort. I can see all computers no problem when I am on my VPN, just not the SMB share. I can ssh into my NAS locally as well as into my raspberry pi and regular desktop. I am only missing the SMB share. That's why I find it so strange, I can see everything except the share it seems.

 

[bill001g]

It is likely a routing issue but I am not sure how you did the raspberry.

Let say you did it with a common router. You would hook the WAN port of that router to the LAN of the main router. So now you vpn comes into the router on it wan port and get assigned a IP on the LAN port. So if you were to hook your NAS behind the second router then you could have access via vpn but not your home network because of the NAT.

If you hook the nas to the main router then the things on the home network would work but you now have the issue that the vpn session is assigned a IP on the lan of the second router. It would have to have the ability to get to the network between the routers. This tends to be very messy to get to work because the vpn session is going to use the same ip...the wan ip of the second router....both the terminate the vpn and to NAT the lan ip assigned via the vpn. It technically can be done but how exactly you allow it varies a lot from router to router. I have no clue how you would do it on a raspberry device.

It would be much better if you could run the vpn function on your main router

 

[stdragon]

You are mapping to the SMB share via its IP address and not host-name, yes?

 

[TheDarkPleco]

I am mapping it by the host name because the SMB is on my FREENAS system and doesn't seem to have an IP address. Would it be the same as the FREENAS system?

 

[TheDarkPleco]

I map it as \\FREENAS\DriveName. It has worked locally, just not over VPN.

 

[stdragon]

\\IPADDRESS\DriveName

* where IPADDRESS is the actual IP address (192.168.1.100 for example)

Try that, it should work over VPN. The reason it doesn't work with the Host Name is because of name resolution and NETBIOS broadcasting won't cross network segments, such as a VPN or router. Host Name can work with DNS setup properly, or that you have an entry hard-coded in the HOSTS file located in c:\Windows\System32\Drivers\etc

 

[stdragon]

By the way, yes, your FREE NAS box has an IP address. It's probably set to DHCP; in which case you can either leave it at DHCP with it set to an IP via DHCP Reservation in your router, or set your FREE NAS box to a static IP in the networking properties.

If you plan on going Static IP manually, be sure to set it outside DHCP of your existing DHCP scope. If the scope goes from .2 though .254, try reducing the scope so it starts at 100 and ends 199. You don't really have 99 devices as near as I can tell from your network - especially if it's a small home network.

 

[TheDarkPleco]

\\IPADDRESS\DriveName

* where IPADDRESS is the actual IP address (192.168.1.100 for example)

Try that, it should work over VPN. The reason it doesn't work with the Host Name is because of name resolution and NETBIOS broadcasting won't cross network segments, such as a VPN or router. Host Name can work with DNS setup properly, or that you have an entry hard-coded in the HOSTS file located in c:\Windows\System32\Drivers\etc

Thank you very much, I will try that when I get off of work! I was wondering why it just didn't seem to recognize it!