OpenVPN+Samba server same router: can't access samba share from vpn

I have an openwrt router running 2 servers: openvpn and samba from within the lan behind my ISP router. OpenVPN clients can access lan resources as expected. The config has just LAN/LAN6 interfaces but I dedicated a firewall zone for the tunnel with forwarding rules allowing ovpn<->lan.
The problem is that openvpn clients cannot access the samba server when it's on the same router, but when running on a different device it works like a charm. The Samba client complains about not being able to open port 445. I tried many variations of firewall rules to allow this port but nothing worked. Any suggestion?

  • The router uses 192.168.111.4, gateway 192.168.111.1, ovpn clients: 192.168.9.x
  • There was also a similar thread but the solution found there requires 2 devices and I want only one.
  • I can ssh to the router using the lan address (192.168.111.4)

firewall settings:
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.lan.masq6='1'
firewall.lan.network='lan' 'lan6'
firewall.lan.masq='1'
firewall.@zone[1]=zone
firewall.@zone[1].name='opvn'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].device='tun0'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='opvn'
firewall.@forwarding[0].dest='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan'
firewall.@forwarding[1].dest='opvn'

Add the vpn interface to the listening interfaces.

Verify that samba is really listening on this interface.

root@MikroTik:~# netstat -nlp | grep -e '445'
tcp        0      0 192.168.2.1:445         0.0.0.0:*               LISTEN      8357/smbd
tcp        0      0 10.9.8.1:445            0.0.0.0:*               LISTEN      8357/smbd

Try to connect using the vpn server's IP address.
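
An added example, not part of the thread: a shell check for the "verify" step in the reply above. It reads `netstat -nlp` output and prints each address on which no smbd socket is listening for the given port. The function name `smb_unreachable`, the dropbear line and the address 192.168.9.1 are constructed for illustration; the two smbd lines are the ones quoted in the reply.

```shell
#!/bin/sh
# Sample input: the two smbd lines from the reply plus one constructed
# non-Samba listener, so the check runs without a router.
SAMPLE='tcp        0      0 192.168.2.1:445         0.0.0.0:*               LISTEN      8357/smbd
tcp        0      0 10.9.8.1:445            0.0.0.0:*               LISTEN      8357/smbd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1201/dropbear'

# smb_unreachable PORT ADDR...
# Reads `netstat -nlp` output on stdin and prints every ADDR on which no
# smbd socket is listening for PORT. A wildcard bind (0.0.0.0 or ::)
# covers every address. Returns 0 only when all addresses are covered.
smb_unreachable() {
    port=$1; shift
    awk -v port="$port" -v addrs="$*" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/smbd$/ {
            n = split($4, p, ":")          # last piece is the port
            if (p[n] != port) next
            # everything before ":<port>" is the bound address
            host = substr($4, 1, length($4) - length(p[n]) - 1)
            bound[host] = 1
        }
        END {
            wildcard = (("0.0.0.0" in bound) || ("::" in bound))
            m = split(addrs, want, " ")
            for (i = 1; i <= m; i++)
                if (!wildcard && !(want[i] in bound)) {
                    print want[i]
                    missing = 1
                }
            exit missing + 0
        }'
}

# On the router: netstat -nlp | smb_unreachable 445 <lan-ip> <vpn-server-ip>
# Here 10.9.8.1 is served, the constructed 192.168.9.1 is not.
printf '%s\n' "$SAMPLE" | smb_unreachable 445 10.9.8.1 192.168.9.1 \
    || echo "^ smbd is not listening on the address(es) above"
```

An address printed by this check means the firewall is not the blocker: smbd itself has no socket there, which matches the "cannot open port 445" symptom in the question.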

That was the missing link. I had not defined an interface for the tun0 device and I was using the "covered device" option instead from the advanced tab in the firewall zone definition. That prevented me from opening access in Samba. I created an ovpn interface for tun0, updated the firewall zone accordingly and finally I could add it to Samba interfaces. Solved!