I have a working openvpn server at home and can connect to it using a remote openvpn client at work. Client is on windows 10 home, server is debian. I know the openvpn is working because I can ssh to my server using a local IP using putty.
I want to connect to a samba share that is set up on the server. I know the samba share is accessible on my home network because I can access it from other local machines. However, trying to access the server in the remote windows explorer with "\\mandelbrot" or "\\192.168.1.4" both fail with the "Windows cannot access …" message.
Additionally, when I try to browse network on the remote machine at work, I can only see machines that are on my work network. I would have thought that when connected to the VPN, these network items would disappear, or at least I would be able to see my work items in addition to the usual things I see when locally logged in at home (plex server, windows computer, samba shares, etc.).
Why can't I see anything from my home network within windows explorer, most critically, my samba shares, even when using their local address?
The only possibly relevant link I saw was the following. However, I am not seeing the permission error he describes, and it does not explain why I cannot see my other remote network items, which leads me to believe this is not the problem. Additionally, I cannot try his solution because windows 10 home does not have a local security policy editor.
Can't connect to SMB shares using OpenVPN
Samba Config (relevant parts):
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = Samba Server
netbios name = MANDELBROT
map to guest = Bad User
hosts allow = 192.168.1. 192.168.2. 127. 10.8.
security = user
interfaces = 192.168.12.2/24 192.168.13.2/24 10.8.0.0/24
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
[Data]
path=/mnt/array
valid users = kyle
read only = no
create mask = 777
directory mask = 0777
OpenVPN server config:
port 1194
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
OpenVPN client config:
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote **.***.***.*** 1194
;remote-random
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
Best Answer
See this link from the official documentation.
It would seem to me that SAMBA is not listening on the VPN Interface, so you need to modify your samba file and change the hosts allow and interfaces directives.
If your SAMBA server is on a different machine, you will need to ensure that the routing from the SAMBA server is such that it knows how to find the path back to the VPN.
If you want to be bridged onto the local network, rather than simply able to reach it as is the case at the moment, you need to use Ethernet Bridging (i.e. the OpenVPN TAP driver).
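A quick way to audit the two directives the answer names, as an added example that is not part of the original question or answer: it reads the `hosts allow` and `interfaces` lines copied from the question and reports which addresses they cover. The client address 10.8.0.6 is constructed, 10.8.0.1 is assumed to be the server's tunnel address, and the matching is a simplified model of Samba's rules (no hostnames, netgroups, EXCEPT or interface names).

```python
import ipaddress

# smb.conf [global] lines copied from the question on this page
SMB_GLOBAL = """
hosts allow = 192.168.1. 192.168.2. 127. 10.8.
interfaces = 192.168.12.2/24 192.168.13.2/24 10.8.0.0/24
"""

def directive(conf, name):
    """Return the whitespace-separated values of one smb.conf directive."""
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == name:
            return value.split()
    return []

def host_allowed(conf, client_ip):
    """Simplified 'hosts allow' match: dotted prefixes, single IPs, CIDR."""
    entries = directive(conf, "hosts allow")
    if not entries:
        return True  # no directive means no host restriction
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        if entry.endswith("."):
            if client_ip.startswith(entry):
                return True
        else:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # hostname, netgroup or EXCEPT: not modelled here
    return False

def interface_listed(conf, server_ip):
    """True if server_ip falls inside an address/mask entry of 'interfaces'."""
    addr = ipaddress.ip_address(server_ip)
    for entry in directive(conf, "interfaces"):
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # interface names such as eth0 need a live lookup
    return False

if __name__ == "__main__":
    print("client 10.8.0.6 allowed:", host_allowed(SMB_GLOBAL, "10.8.0.6"))
    for ip in ("10.8.0.1", "192.168.1.4"):
        print(ip, "listed in interfaces:", interface_listed(SMB_GLOBAL, ip))
```

On the posted config the VPN subnet passes both checks, while the LAN address 192.168.1.4 used in the failing `\\192.168.1.4` attempt is not inside any `interfaces` entry.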