Page 1 of 1

VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Mon Nov 04, 2019 10:20 pm
by marc25v
Hi all,

I am attempting to figure out how to access my SAMBA shares that are on the same server as the VPN when connected as a VPN client.

Current Architecture:
- Client: iOS / Android Mobile Device -- On Mobile Data
- VPN Server: Linux Raspberry PI -- 192.168.0.2
- Samba Server : Same as the VPN Server -- 192.168.0.2

-----
What Works:
- Connected to the VPN, I can access the internet AND all LOCAL network drives and devices, EXCEPT the Raspberry PI running the Server and the Samba shares.

What Doesnt Work:
- I cannot access the 192.168.0.2 IP address when I am connected via VPN.

What I Would Hope to Work:
- When connected to the VPN, I can access Internet, and ALL local devices on the network, including the Raspberry PI 192.168.0.2.

----
Any suggestions? Thanks!

Re: VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Tue Nov 05, 2019 6:54 am
by jennylove
Can you ping the samba server? Access its shares via \\IPADDRESS? Is the samba server on the same subnet as everything that can be seen?

Re: VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Tue Nov 05, 2019 1:34 pm
by marc25v
Hi

I cannot ping the samba share or even SSH into the server when connected. I cannot connect to the share even using the IP address. Yes, it is on the same subnet.

Thanks a lot

Re: VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Wed Nov 06, 2019 12:15 am
by ozone
This is a known issue on (at least) linux.

Try bridging the virtualhub to a new tap-device (on vpnserver).
Give this tapdevice in Raspbian a new (fixed, unused) ip-address, eg 192.168.0.3.
From the vpn-clients, use that new ip-address to access the resources on the pi.

Success,

Oz

Re: VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Thu Nov 28, 2019 8:14 pm
by MyronSz
Have you managed to do this without using SecureNAT? I've done similar, but I'm using SecureNAT and the tapdevice's IP address I've set within the IP range of the SecureNAT.
ozone wrote:
Wed Nov 06, 2019 12:15 am
Try bridging the virtualhub to a new tap-device (on vpnserver).
Give this tapdevice in Raspbian a new (fixed, unused) ip-address, eg 192.168.0.3.
From the vpn-clients, use that new ip-address to access the resources on the pi.

Re: VPN & SAMBA on Same Server -- Cant Access SAMBA

Posted: Sat Nov 30, 2019 2:48 pm
by ozone
@MyronSz

yes. Just checked it.
This is what I did:
-Created virtualhubs "lan"and "nat"
-Setup securenat for "nat"
-bridged "lan" to eth0 AND a new tapdevice "tap_lan"
-bridged "nat" to a new tapdevice "tap_nat"
-In linux, set eth0 to fixed ip, incl gateway and dns (from your internet gateway), ip could also be via dhcp.
-In linux, set tap_lan to fixed ip in same range as eth0
-In linux, set tap_nat to fixed ip in same range as securenat.

Now, this is the result:
-when connected via vpn to virtualhub "lan", I can connect to resources on the ip of tap_lan
-when connected via vpn to virtualhub "nat", I can connect to resources on the ip of tap_nat

(tested on raspbian jessie on pi3)

Maybe something else is dropping the packages....?