Currently I have IPFire configured with a red interface …0.1 and a green interface …98.1. I have the OpenVPN service enabled, which works with the pool …97.1. Any user who connects to the green interface through OpenVPN can access any computer on the network by RDP; however, these users cannot access the shared folders that are on the computers in the green interface. Between computers that are on the green interface, they do have access to the shared folders. I have activated rules to open the ports requested by Microsoft (135, 139, 445) for the SMB protocol; however, this does not work. The user credentials were created with roadwarrior (host to net).
The first thing I want to clarify is that I am not a scammer, I am just an IPFire user, please do not block me!!!
With this clarification, I continue to have the same situation. Within my green network I have a NAS so that all users can access the company’s information. Those users who connect locally can connect to this server normally; however, those users who connect through OpenVPN cannot access said network. These users connect through roadwarrior, and it is configured so that these users can see the green network. How can I make the users who connect to the VPN access this NAS server?
Hello.
To help OpenVPN clients access shared folders on your Green network, there are a few things to double-check, as outlined in the IPFire documentation:
- Firewall Rules: Ensure that ports 135, 139, and 445 (both TCP/UDP) are open between the OpenVPN subnet and the Green network. This will allow SMB traffic for file sharing. Create a rule in Firewall Rules to allow traffic from your VPN network (e.g., 10.x.x.x/24) to the Green network (e.g., 192.168.x.x).
- Client-to-Client Communication: Make sure that “Client-to-client” communication is enabled in your OpenVPN settings. This allows VPN clients to communicate with devices in the Green network.
- Routing: Ensure that proper routing is configured between the OpenVPN and Green networks. The OpenVPN subnet must have a route to the Green network so that traffic can flow correctly.
- NAS Permissions: Verify that your NAS device allows access from the OpenVPN subnet. Some devices may restrict access to specific IP ranges, so make sure the VPN range is permitted.
Thanks,
A G
Adam, I want to thank you for your great help, first for listing my question and second because I was able to solve my problem, really thank you very much, however, if possible, please share this experience within your team, because providing the solution was really easy and it took me almost a month to solve it, but another moderator not only blocked my question but also unlisted it, harming me.
Once again Adam, THANK YOU VERY MUCH FOR YOUR SINCERE HELP!!
I am happy for you that it works now, but I didn’t have to do any of this and it works for me too. I have a network in the company with two servers running locally. I can connect from home to that network with OpenVPN (roadwarrior). I can access the shares on those servers just as if I was connected physically to that network. I haven’t fiddled around with ports, routes nor have I activated Client-to-Client in the settings. Maybe IPFire did all the necessary configuration in the background, I don’t know.
Just clarifying. You had to access the shares either by IP address or by putting an entry into the Windows machine’s host file. As I recall, NetBIOS does not work across a VPN without a WINS server. Or is there another way these days? Just making sure I’m not missing something…
Client-to-Client should not be needed. That is to allow one OpenVPN client to communicate with another OpenVPN client.
Make sure the Green network is included in the routes, but it may be anyway.
I access the shares by the IP address of the server providing the shared folder.
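Added example (not part of any post in this thread): a small Python check to run on a connected VPN client that separates the two causes discussed above, a blocked or unrouted path to the SMB ports versus a server name that does not resolve over the VPN while access by IP works. The function names, verdict strings and the address 192.0.2.10 are assumptions made for illustration, and only TCP 139 and 445 are probed.

```python
import socket
import sys

SMB_TCP_PORTS = (139, 445)  # NetBIOS session service, SMB over TCP


def tcp_open(ip, port, timeout=2.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route
        return False


def diagnose(server_ip, server_name=None, ports=SMB_TCP_PORTS,
             resolver=socket.gethostbyname, timeout=2.0):
    """Classify why a share on server_ip may be unreachable from this client."""
    result = {"open_ports": [p for p in ports if tcp_open(server_ip, p, timeout)],
              "resolved": None}
    if not result["open_ports"]:
        # Nothing answers by IP: firewall rule, route or NAS allow-list.
        result["verdict"] = "no-path"
        return result
    if server_name is not None:
        try:
            result["resolved"] = resolver(server_name)
        except OSError:  # socket.gaierror is a subclass of OSError
            pass
        if result["resolved"] != server_ip:
            # Ports answer by IP but the name does not lead there:
            # use \\<ip>\share or a hosts entry on the client.
            result["verdict"] = "name-resolution"
            return result
    result["verdict"] = "reachable"
    return result


if __name__ == "__main__":
    # Usage: python smbcheck.py <server-ip> [server-name]
    # 192.0.2.10 is a constructed placeholder, not an address from the thread.
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    name = sys.argv[2] if len(sys.argv) > 2 else None
    print(diagnose(ip, name))
```

A `no-path` verdict points at the firewall rule, route or NAS allow-list; `name-resolution` means the ports answer by IP and only the name lookup fails.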