Windows 10 SMB shares across VPN subnet

Snake 1 Reputation point
2021-12-01T19:52:17.147+00:00

Hello and thank you for looking at this question.

I have a VPN enabled between two locations via IPSec VPN-enabled routers. Local details are as follows:

Network1:
192.168.213.75 router (gateway), 255.255.255.128 mask

Network2:
192.168.212.75 router (gateway), 255.255.255.128 mask

Within both networks sits a NAS, located at 192.168.x.86. When inside either network everything works as expected, SMB shares, printers, scanners, Ethernet to USB bridge, IoT devices, phones, tablets, etc. Even the phones can access SMB shares thanks to Total Commander.

The problem is that Windows 10 devices cannot access SMB shares across the VPN, that is across a different subnet. I am able to ping the NAS drives across the VPN but cannot SMB connect to them. Interestingly the Linux-powered NAS devices (a LaCie running Seagate OS4, and a QNAP running QTS5) themselves have no problem seeing one another through the VPN and can map SMB shares and browse without issue, although Win10 devices (and the Total Commander-installed Android phone) cannot.

So Windows 10 devices are unable to connect to a shared SMB resource across the subnet-divided VPN. I have tried:

I am sure I am still missing a few attempts on that list!

SMB1 is installed in the Windows 10 devices. Only Windows Firewall is running on all Win10 devices.

I am running out of ideas. Can anyone be of assistance?

Thank you!


3 answers

  1. Jared Arnold 6 Reputation points
    2021-12-01T20:06:35.49+00:00

    If you haven't already, have you checked the SMBClient Event Logs to see what might be happening on the Windows 10 machines?

    'Connectivity' & 'Operational' under "Microsoft-Windows-SMBClient" will usually point me in the right direction with SMB issues.

    1 person found this answer helpful.

  2. Gary Nebbett 6,216 Reputation points
    2021-12-01T21:25:59.67+00:00

    Hello @Snake,

    If the Event Log does not hint at the cause, then a trace of the provider would probably help. That would contain information like this:

    [Image: 154235-image.png]

    The "Packet" and "Packet Fragment" entries contain the raw protocol bytes of the SMB commands, so if the "SMB send/receive" entries are not sufficient, one can fall back to the raw bytes (and their description in [MS-SMB2]).

    Gary

    1 person found this answer helpful.

  3. Snake 1 Reputation point
    2021-12-02T14:08:14.42+00:00

    Thank you all for the comments! Thanks to your replies I believe I have traced the problem: the IPSec VPN seems to be forwarding SMB port 139 but not port 445, which is the only port Windows 10 now uses for SMB. The Linux-based NAS devices can still fall back on 139 (SMB 1) if 445 (SMB 2/3) fails, so they connect regardless. Even with SMB 1 installed on Windows 10, it only communicates on SMB using port 445.

    Running a Test-NetConnection from a Windows 10 machine across the VPN to the opposite NAS device receives a True (pass) on port 139 but a False (fail) on port 445.

    I have contacted the router manufacturer for feedback on this and am awaiting their reply.

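The checks discussed in this thread (ping, per-port Test-NetConnection, and the SMBClient event logs) can be run together from a Windows 10 client, as in the following added example, which is not part of the original posts. The default NAS address is an assumption derived from the addressing in the question, and the script and parameter names are hypothetical.

```powershell
# Added example, not from the thread. Save as a .ps1 file and run on a Windows 10 client.
# $NasAddress is an assumed value: set it to the NAS on the far side of the VPN.
param(
    [string]$NasAddress = '192.168.212.86',
    [int[]]$Ports       = @(139, 445),
    [int]$MaxEvents     = 20
)

# 1. ICMP reachability (the question reports that ping works across the VPN).
$pingOk = Test-Connection -ComputerName $NasAddress -Count 1 -Quiet
"Ping to ${NasAddress}: $pingOk"

# 2. TCP reachability per SMB-related port.
$results = foreach ($port in $Ports) {
    $t = Test-NetConnection -ComputerName $NasAddress -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target           = $NasAddress
        Port             = $port
        TcpTestSucceeded = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# 3. Ping succeeding while a TCP port fails points at filtering on the path
#    (VPN router or firewall) rather than at routing or the share itself.
$failed = $results | Where-Object { -not $_.TcpTestSucceeded }
if ($pingOk -and $failed) {
    "Host answers ping, but TCP port(s) $($failed.Port -join ', ') are not reachable."
}

# 4. Recent SMB client events from the two logs named in the first answer.
$logs = 'Microsoft-Windows-SmbClient/Connectivity',
        'Microsoft-Windows-SmbClient/Operational'
foreach ($log in $logs) {
    "--- $log ---"
    Get-WinEvent -LogName $log -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-List
}
```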
