OpenVPN doesn't show remote network shares

Question

I have a working openvpn server at home and can connect to it using a remote openvpn client at work. Client is on windows 10 home, server is debian. I know the openvpn is working because I can ssh to my server using a local IP using putty.

I want to connect to a samba share that is setup on the server. I know the samba share is accessible on my home network because I can access it from other local machines. However, trying to access the server in the remote windows explorer with "\\mandelbrot" or "\\192.168.1.4" both fail with the "Windows cannot access ..." message.

Additionally, when I try to browse network on the remote machine at work, I can only see machines that are on my work network. I would have thought that when connected to the VPN, these network items would disappear, or at least I would be able to see my work items in addition to the usual things i see when locally logged in at home (plex server, windows computer, samba shares, etc.)

Why can't I see anything from my home network within windows explorer, most critically, my samba shares, even when using their local address?

The only possibly relavant link I saw was the following. However, I am not seeing the permission error he describes, and it does not explain why I cannot see my other remote network items, which leads me to believe this is not the problem. Additionally, I cannot try his solution because windows 10 home does not have a local security policy editor.

Can't connect to SMB shares using OpenVPN

Samba Config (relevant parts):

#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field  
   server string = Samba Server
   netbios name = MANDELBROT 
   map to guest = Bad User

   hosts allow = 192.168.1. 192.168.2. 127. 10.8.


   security = user


   interfaces = 192.168.12.2/24 192.168.13.2/24 10.8.0.0/24

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[Data]
    path=/mnt/array
    valid users = kyle
    read only = no
    create mask = 777
    directory mask = 0777

OpenVPN server config:

port 1194
proto udp
;dev tap
dev tun

;dev-node MyTap

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

;client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

;max-clients 100

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 3
;mute 20

OpenVPN client config:

client

;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote **.***.***.*** 1194

;remote-random

resolv-retry infinite

nobind

user nobody
group nogroup

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ns-cert-type server

;tls-auth ta.key 1

;cipher x

comp-lzo

verb 3

;mute 20

<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>

Answer 1

See this link from the official documentation.

It would seem to me that SAMBA is not listening on the VPN Interface, so you need to modify your samba file and change the hosts allow and interfaces directives.

If your SAMBA server is on a different machine, you will need to ensure that the routing from the SAMBA server is such that it knows how to find the path back to the VPN.

If you want to be bridged onto the local network, rather then simply able to reach it as is the case at the moment, you need to use Ethernet Bridging (ie the OpenVPN TAP driver)

Answer 2

I faced a similar problem and fixed by connecting the machine referred to by the share to the VPN. Then I could access the share by using the VPN URL 10.8....

Answer 3

Microsoft Networking requires broadcast packets .. OpenVPN in TUN mode does not support broadcast packets. You can either use a network bridge and OpenVPN in TAP mode or address the share directly like so: net use x: //ip.address/sharename

However, trying to access the server in the remote windows explorer with "\\mandelbrot" or "\\192.168.1.4" both fail with the "Windows cannot access ..." message.

\\mandelbrot will probably not work at work because that machine is not known to your work's network name server.

\\192.168.1.4 may not work because your work uses the same subnet.