Samba shares over VPN

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Samba shares over VPN

Post by consult »

Hello, anyone out there. I'm a newbie to Linux in general. I have a desktop computer running LinuxMint 64 bit - latest release. I also have a laptop running windows 10pro. On my Linux computer I set up a Sambaserver, and I shared one of my drives. From my windows computer I can connect, read and write on this shared drive without any problems, over my local home network. On my Linux computer I installed also a OPENVPN server. From my windows computer I can connect to my OPENVPN server from a remote location. So far everything ok. What I cannot figure out is how i can connect to that same sambashare from a remote location using openvpn. I have a dynamic dns created let's say abcdefg@ddns.net. How to do this? I'm searching the internet everywhere to find a solution for my problem since the last two weeks, with no avail. Can somebody help me. Thanks

NuBz
Level 2
Level 2
Posts: 96
Joined: Fri Feb 21, 2020 2:11 pm

Re: Samba shares over VPN

Post by NuBz »

Another option might be to connect to your server then ssh to the other machine.
Just thought of that because ssh is fairly simple to setup and you wouldn't have to allow remote connections to it or forward any extra ports since you would be connecting to it from inside your netwrok after you connected to the vpn server.
I would suggest being sure that everything possible was done to secure the ssh sever and client of course regardless, no need to take any chances.

Win10 comes with an ssh client out of the box now(at least my GF's machine has one and I didn't install it) so no need to mess with Putty as far as I know.

Don't know much about Samba sorry that I can't help more.

consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Re: Samba shares over VPN

Post by consult »

Thanks NuBz for your answer. I don't have a problem to connect to my linux server from remote location. I can connect to my openvpn server. But then what do i have to do. I can see i established a connection. But what do I have to do from there on to see my samba shares? I tried to on windows laptop to map a network drive giving as server name : "abcdefg.ddns.net\sharename" but all i get is fault messages. I never have the opportunity to fill in username or password for the sambaserver. That is my main problem.

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

Can you post:
1. server config
2. client config
From command line on server:
3.

Code: Select all

sudo cat /proc/sys/net/ipv4/ip_forward
4.

Code: Select all

sudo iptables -S
5.

Code: Select all

sudo iptables -t nat -S
Replace/remove private info like IP address/DDNS of server and inline keys.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Re: Samba shares over VPN

Post by consult »

Hi, Pippin, thanks for your reply.
My server is a desktop computer running Linux Mint 19. The internal fixed ip-adres : 192.168.1.100
This computer is behind a modem/router from my ISP. Port forwarding : port 943 (both UDP and TC/IP).
I have a dynamic dns let's say abcdef@ddns.net. On my windows laptop i can connect to my desktop over openvpn - I downloaded the Openvpnconnect client on my windows laptop. When I click 'connect' I can make the connection. My client software says : 'Connected', and in the graphic I can see there is data traffic. My Openvpnconnect client tells me also that my private ip is 172.27.232.3 - Server ip : 192.168.1.100 - Server Public Ip : 192.168.1.100.
So far, so good.
On my desktop computer (running Linux Mint and OpenVpn Server) I have a harddrive that I want to read and write to. I installed on my desktop also Samba Server, the harddrive is shared etc. From my windows laptop i have access to this hartdrive from within my home network. In my windows laptop I did 'Map network drive' and this works flawlessly.
When I'm not home I want to have acces to that same harddrive too, so I start my Openvpn connection, that says that I'm connected. And then I'm stuck. How can I see that harddrive? Do I have to map another network drive now using my dynamic dns adress or how do I have to proceed?

As you asked me some info from the command line on the server :

~$ sudo cat /proc/sys/net/ipv4/ip_forward

1



~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N AS0_ACCEPT
-N AS0_IN
-N AS0_IN_NAT
-N AS0_IN_POST
-N AS0_IN_PRE
-N AS0_IN_ROUTE
-N AS0_OUT
-N AS0_OUT_LOCAL
-N AS0_OUT_POST
-N AS0_OUT_S2C
-N AS0_WEBACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
-A INPUT -i lo -j AS0_ACCEPT
-A INPUT -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
-A INPUT -p tcp -m state --state NEW -m tcp --dport 915 -j AS0_ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 914 -j AS0_ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 917 -j AS0_ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 916 -j AS0_ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j AS0_WEBACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 943 -j AS0_WEBACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
-A FORWARD -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
-A FORWARD -o as0t+ -j AS0_OUT_S2C
-A OUTPUT -o as0t+ -j AS0_OUT_LOCAL
-A AS0_ACCEPT -j ACCEPT
-A AS0_IN -d 172.27.224.1/32 -j ACCEPT
-A AS0_IN -j AS0_IN_POST
-A AS0_IN_NAT -j MARK --set-xmark 0x8000000/0x8000000
-A AS0_IN_NAT -j ACCEPT
-A AS0_IN_POST -d 192.168.1.0/24 -j ACCEPT
-A AS0_IN_POST -o as0t+ -j AS0_OUT
-A AS0_IN_POST -j DROP
-A AS0_IN_PRE -d 169.254.0.0/16 -j AS0_IN
-A AS0_IN_PRE -d 192.168.0.0/16 -j AS0_IN
-A AS0_IN_PRE -d 172.16.0.0/12 -j AS0_IN
-A AS0_IN_PRE -d 10.0.0.0/8 -j AS0_IN
-A AS0_IN_PRE -j ACCEPT
-A AS0_IN_ROUTE -j MARK --set-xmark 0x4000000/0x4000000
-A AS0_IN_ROUTE -j ACCEPT
-A AS0_OUT -j AS0_OUT_POST
-A AS0_OUT_LOCAL -p icmp -m icmp --icmp-type 5 -j DROP
-A AS0_OUT_LOCAL -j ACCEPT
-A AS0_OUT_POST -j DROP
-A AS0_OUT_S2C -j AS0_OUT
-A AS0_WEBACCEPT -j ACCEPT



~$ sudo iptables -t nat -S

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N AS0_DPFWD_TCP
-N AS0_DPFWD_UDP
-N AS0_NAT
-N AS0_NAT_POST_REL_EST
-N AS0_NAT_PRE
-N AS0_NAT_PRE_REL_EST
-N AS0_NAT_TEST
-A PREROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_PRE_REL_EST
-A PREROUTING -d 192.168.1.100/32 -p udp -m udp --dport 1194 -m state --state NEW -j AS0_DPFWD_UDP
-A PREROUTING -d 192.168.1.100/32 -p tcp -m tcp --dport 443 -m state --state NEW -j AS0_DPFWD_TCP
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j AS0_NAT_POST_REL_EST
-A POSTROUTING -m mark --mark 0x2000000/0x2000000 -j AS0_NAT_PRE
-A AS0_DPFWD_TCP -p tcp -j DNAT --to-destination 192.168.1.100:914
-A AS0_DPFWD_TCP -j ACCEPT
-A AS0_DPFWD_UDP -p udp -j DNAT --to-destination 192.168.1.100:916
-A AS0_DPFWD_UDP -j ACCEPT
-A AS0_NAT -o enp2s0 -j SNAT --to-source 192.168.1.100
-A AS0_NAT -j ACCEPT
-A AS0_NAT_POST_REL_EST -j ACCEPT
-A AS0_NAT_PRE -m mark --mark 0x8000000/0x8000000 -j AS0_NAT
-A AS0_NAT_PRE -d 169.254.0.0/16 -j AS0_NAT_TEST
-A AS0_NAT_PRE -d 192.168.0.0/16 -j AS0_NAT_TEST
-A AS0_NAT_PRE -d 172.16.0.0/12 -j AS0_NAT_TEST
-A AS0_NAT_PRE -d 10.0.0.0/8 -j AS0_NAT_TEST
-A AS0_NAT_PRE -j AS0_NAT
-A AS0_NAT_PRE_REL_EST -j ACCEPT
-A AS0_NAT_TEST -o as0t+ -j ACCEPT
-A AS0_NAT_TEST -m mark --mark 0x4000000/0x4000000 -j ACCEPT
-A AS0_NAT_TEST -d 172.27.224.0/20 -j ACCEPT
-A AS0_NAT_TEST -j AS0_NAT

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

Ok,

I see you have installed the commercial OpenVPN Access Server which I have no experience with.
You can try the OpenVPN forum here:
https://forums.openvpn.net/viewforum.php?f=24
Place your post under configuration.

Or un-install it and install the OpenVPN Community version, then I could be of more help.
https://community.openvpn.net/openvpn/w ... twareRepos
You would want to install release/2.4 bionic in that case.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Re: Samba shares over VPN

Post by consult »

Thank you for your swift answer.

Good you tell me there is also a community version, I was not aware of that.
I will install this version and try it out in the next few days. I will eventually get back to you. Thank you for your help.

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

Your welcome,

I would also advise to un-install the Windows Connect client (currently beta) and install the latest version 2.4.8 from here:
https://openvpn.net/community-downloads/

Later.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Re: Samba shares over VPN

Post by consult »

Hello again,

As you suggested, i removed all my existing openvpn files, and installed the openvpn community server on my Linux desktop.
I also installed the windows file on my windows10 laptop. Now, AFAIK I should install certificates and so on, so to my regret I'm stuck here again.
Maybe it is possible for you to show me the way from here?
Thanks in advance.

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

A little short on time right now ( but will help you ) but a good start would be here:
https://community.openvpn.net/openvpn/wiki/HOWTO
It's important to read it, especially since you will run your own server.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

NuBz
Level 2
Level 2
Posts: 96
Joined: Fri Feb 21, 2020 2:11 pm

Re: Samba shares over VPN

Post by NuBz »

consult wrote:
Mon Feb 24, 2020 8:48 pm
Thanks NuBz for your answer. I don't have a problem to connect to my linux server from remote location. I can connect to my openvpn server. But then what do i have to do. I can see i established a connection. But what do I have to do from there on to see my samba shares? I tried to on windows laptop to map a network drive giving as server name : "abcdefg.ddns.net\sharename" but all i get is fault messages. I never have the opportunity to fill in username or password for the sambaserver. That is my main problem.
What I was getting at is connecting to your server and the ssh from the server to the other machine.

I do this occasionally when I want to look at a file or whatever when I am not home and it is pretty simple once the server is setup.
Just a playtoy for me not anything serious.

Now that I think about it this probably isn't what you are looking for.

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

The next step is:
https://community.openvpn.net/openvpn/w ... pleclients

You can create following directories in advance to copy the certs/keys (and possibly scripts for username/password authentication):

Code: Select all

sudo mkdir /etc/openvpn/{certs,scripts}

Code: Select all

ls /etc/openvpn
should show

Code: Select all

certs
client
scripts
server
and possibly

Code: Select all

update-resolv-conf
Edit:
Do not password-protect your client keys.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

Pippin
Level 4
Level 4
Posts: 368
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: Samba shares over VPN

Post by Pippin »

After you generated and copied the certs/keys and DH parameters, generate a tlscrypt.key:

Code: Select all

sudo openvpn --genkey --secret /etc/opevpn/certs/tlscrypt.key

Code: Select all

sudo chmod 0400 /etc/openvpn/certs/{ca.crt,server.crt,server.key,dh2048.pem,tlscrypt.key}
Replace the file names between {} as generated by easyrsa.

Next time, the server configuration file.

In the mean time also take a look at:
https://community.openvpn.net/openvpn/w ... gConflicts
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.

consult
Level 1
Level 1
Posts: 6
Joined: Mon Feb 24, 2020 7:32 pm

Re: Samba shares over VPN

Post by consult »

Thank you so much. Tomorow I will start everything as you told me... It is in the middle of the night here now, so I need to sleep first.
I'm very lucky that you will put me on my way.

Post Reply

Return to “Other networking topics”