Shared Folder over OpenVPN

Question

Shared Folder over OpenVPN

ahunt 161

I've setup an OpenVPN server for our office environment that works flawlessly for normal traffic. The issue I'm having is concerning the Shared Folders we have on our network. Network shares aren't discoverable across the VPN Connection. VPN Users are on a different subnet with a static route connecting them to the local network (not sure if this is relevant). User and Server are running Windows 10 Professional. Network Shares appear to be accessible if the folder is pointed to the IP address of the machine hosting the share, although if any changes are made the share on the local network doesn't update. I'm already pushing DNS and WINS options to all VPN clients, is there another name server or service that needs to be hosted and accessible?

I can provide the OpenVPN server config if needed.

Accepted answer

2 additional answers

Your answer

Answer 1

10.8.0.6 can ping 192.168.1.1

OpenVPN pushes 192.168.1.91 (BIND) and 192.168.1.1 (Gateway/Router) as DNS options

I'm skipping this problem and pushing it out to get fixed later. To resolve the hostnames I'm just going to edit the hosts and lmhosts files in "C:/Windows/System32/drivers/etc/" This works for the network share and is okay for now since we don't have many company computers that will be using the VPN.

I'm not sure why it can't resolve the hostname when nslookup resolves with an A record. Docs describe resolving hostnames with DHCP, Domains and SNMP a better fix might be here but I don't have time to find it.

https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/about-discovery-methods

Answer 2

Anonymous

Hi,

Thanks for posting in Q&A platform.

Based on my understanding, you could access to the shared folder by \ip address\shared folder but cannot access to it by \hostname\shared folder. Please correct me if my understanding is wrong.

May I know if there is any error message when you cannot access to the shared folder?

Can you access to the shared folder via FQDN?

If you run nslookup hostname of SMB server command on the VPN client, can you get the IP of the SMB server?

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

ahunt 161 Reputation points

2021-01-19T17:04:57.36+00:00

Thank you for helping

We're using workgroups so I believe it's only the NetBIOS name, I don't believe there is a FQDN for the SMB share.

nslookup with the name of the server returns:
*** UnKnown can't find SERVER: Non-existent domain

\server ip\SharedFolder\ works and allows file transfer but the shared folder is not discoverable under the network tab

Is there a solution with workgroups or will I have to setup a domain controller?
ahunt 161 Reputation points

2021-01-19T17:28:25.983+00:00

My subnet mask is 255.255.255.0 if the two subnets are 192.168.1.0/24 and 192.168.2.0/24 should I change the subnet to 255.255.254.0?
There is a static route setup between them, Gateway and DNS are pushed to clients so all VPN clients have Gateway and DNS of 192.168.1.1
All services including ping, traceroute, etc. work except for SMB. All SMB related services have their scope edited in the firewall to include VPN clients.
Anonymous

2021-01-20T04:06:24.993+00:00

Thank you very much for your feedback @ahunt .

We do not need change the subnet to 255.255.244.0.

Could you please share the result of ipconfig /all of VPN client when connected to VPN. And please share the result of nslookup -d2 hostname of SMB server for further troubleshooting.

Please note: This is a public forum so please hide private information when posting these results.
ahunt 161 Reputation points

2021-01-20T14:36:00.583+00:00

I posted my comment as an answer because of the 1000 character limit, thank you again

Answer 3

{ipconfig}

Windows IP Configuration

Host Name . . . . . . . . . . . . : REDACTED
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Unknown adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physical Address. . . . . . . . . : 00-FF-B1-53-11-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::acca:65b9:9a8b:8a.....6(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268500913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-7A-1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-LM
Physical Address. . . . . . . . . : 98-FA-9......
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 5C-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 5E-5F-67......
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
Physical Address. . . . . . . . . : 5C-5F-6.........
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2600:1014:b04b:ab67:9d7f:b08b:ea60:8e43(Preferred)
Temporary IPv6 Address. . . . . . : 2600:1014:b04b:ab67:d93d:c4f1:d6c5:eb86(Preferred)
Link-local IPv6 Address . . . . . : fe80::9d7f:b08b:ea60:8e43%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.20.10.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Lease Obtained. . . . . . . . . . : Tuesday, January 19, 2021 5:05:22 PM
Lease Expires . . . . . . . . . . : Thursday, January 21, 2021 7:52:01 AM
Default Gateway . . . . . . . . . : fe80::183.....
172.20.10.1
DHCP Server . . . . . . . . . . . : 172.20.10.1
DHCPv6 IAID . . . . . . . . . . . : 123494247
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-7A-1
DNS Servers . . . . . . . . . . . : fe80::1836:..........
172.20.10.1
fe80::1836:c8ed..........
NetBIOS over Tcpip. . . . . . . . : Enabled

{nslookup}

SendRequest(), len 42
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    1.1.168.192.in-addr.arpa, type = PTR, class = IN

Got answer (42 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    1.1.168.192.in-addr.arpa, type = PTR, class = IN

Server: UnKnown
Address: 192.168.1.1

SendRequest(), len 28
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    SERVER2020, type = A, class = IN

Got answer (28 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    SERVER2020, type = A, class = IN

SendRequest(), len 28
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    SERVER2020, type = AAAA, class = IN

Got answer (28 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    SERVER2020, type = AAAA, class = IN

*** UnKnown can't find SERVER2020: Non-existent domain

I have a feeling this has something to do with NetBIOS and/or setting up a WINS server (which makes me shiver because it's partially deprecated) I setup a BIND server in the mean time to potentially translate NetBIOS to IP addresses. Thanks again for the help, I really appreciate it.

ahunt 161 Reputation points

2021-01-20T18:24:52.17+00:00

After setting up a BIND server I created an A record that points SMBSERVER at the correct IP Address of the server. Here is the nslookup -d2:

Got answer (54 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS: SMBSERVER2020, type = A, class = IN ANSWERS: -> SMBSERVER2020 type = A, class = IN, dlen = 4 internet address = 192.168.1.32 ttl = 86400 (1 day)

The network share still doesn't connect and it's not discoverable through the VPN
Anonymous

2021-01-21T05:59:50.52+00:00

Hi，

Thank you very much for your feedback.

As the result of ipconfig /all from VPN client, the IPv4 address which the client obtained from VPN server was 10.8.0.6 and the DNS server is 192.168.1.1. If we need this DNS server to resolve host name of SMB server, then 10.8.0.6 needs to connect to 192.168.1.1 with correct route firstly. Please make sure 10.8.0.6 can connect to 192.168.1.1.

Best Regards,
Sunny

Share via

Shared Folder over OpenVPN

2 additional answers

Your answer