Samba share not accessible from a VPN client
Consider a LAN with a Debian machine as a router. The Debian machine
has three interfaces, eth0, eth1 and wlan0. The interface for VPN is tun0.
            ,----------.
ppp0 <------eth1    eth0--192.168.0.0/24--->to LAN switch
            |      wlan0--192.168.5.0/24---> WLAN
            |       tun0--172.16.15.0/24---> VPN
            |__________|
                  |
   Router, Samba and VPN server machine
Now, I have generated the certificates and keys for the VPN server
for various clients.
From my iptables firewall in the router machine, I allow traffic from my
LAN and WLAN to and from my VPN. This all works, I can browse the
internet by connecting via VPN from a laptop on WLAN.
However, how do I make sure all my traffic is going through the VPN
tunnel? On a client laptop on WLAN, I have the following information
after creating a VPN connection to the VPN server machine:
---------------------------------------------------------
~$ ifconfig
eth0 Link encap:Ethernet HWaddr <HEXNUM>
inet6 addr: fe80::211:43ff:fe5d:d6c3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4031 errors:0 dropped:0 overruns:0 frame:0
TX packets:326 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1056515 (1.0 MB) TX bytes:46841 (46.8 KB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3644 (3.6 KB) TX bytes:3644 (3.6 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.15.22 P-t-P:172.16.15.21 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:38 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4426 (4.4 KB) TX bytes:4493 (4.4 KB)
wlan0 Link encap:Ethernet HWaddr <HEXNUM>
inet addr:192.168.5.15 Bcast:192.168.5.255 Mask:255.255.255.0
inet6 addr: fe80::20b:7dff:fe08:259d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2467 errors:0 dropped:0 overruns:0 frame:0
TX packets:2763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1435407 (1.4 MB) TX bytes:461844 (461.8 KB)
~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0
172.16.15.21 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
192.168.0.0 172.16.15.21 255.255.255.0 UG 0 0 0 tun0
172.16.15.0 172.16.15.21 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
0.0.0.0 172.16.15.21 0.0.0.0 UG 0 0 0 tun0
---------------------------------------------------------
This VPN client is on WLAN with address 192.168.5.15 and is also on VPN
(as a client, of course) with address 172.16.15.22. I am able to SSH
from a wired LAN machine to 172.16.15.22, but cannot do so to 192.168.5.15.
Is this expected and correct behavior?
Now, the real question. I have set up Samba with a shared folder on the
VPN server. I have configured it to listen for connections from LAN
(192.168.0.0/24) and from VPN (172.16.15.0/24). Note that Samba
connections from WLAN are not included here. I can browse the Samba
network from wireless machines fine. But I cannot do so from a wireless
machine with a VPN connection, i.e. VPN clients from my WLAN do not see
the Samba network (from Gnome Network browsing GUI). This is what I
wanted to achieve but it is not working. What am I missing here?
For reference, the relevant options in smb.conf are:
workgroup = VPN_Server
interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.0.0/24
Thanks.
--
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.
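
An added example, not part of the original post: one way to check the "is all my traffic going through the VPN tunnel?" question is to resolve destinations against the client's `route -n` table the way the kernel does (longest prefix, then lowest metric). The table is copied from the post; the test destinations 203.0.113.10 and 192.168.0.10 and the function names are assumptions made for illustration.

```python
import ipaddress

# Routing table copied from the `route -n` output in the post above.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0
172.16.15.21 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
192.168.0.0 172.16.15.21 255.255.255.0 UG 0 0 0 tun0
172.16.15.0 172.16.15.21 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
0.0.0.0 172.16.15.21 0.0.0.0 UG 0 0 0 tun0
"""

def parse_routes(text):
    """Return a list of (network, gateway, metric, iface) from `route -n` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and any malformed line
        # Convert the dotted Genmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.ip_address(f[2]))).count("1")
        net = ipaddress.ip_network(f"{f[0]}/{prefix}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def egress_iface(routes, dest):
    """Interface used for dest: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[3]

def bypassing_tunnel(routes, tunnel="tun0"):
    """Networks whose traffic leaves on an interface other than the tunnel."""
    return [str(net) for net, _gw, _metric, iface in routes if iface != tunnel]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    # Constructed destinations: an internet host, a LAN host, the WLAN gateway.
    for dest in ("203.0.113.10", "192.168.0.10", "192.168.5.1"):
        print(dest, "->", egress_iface(routes, dest))
    print("not via tun0:", bypassing_tunnel(routes))
```

With this table, only the directly connected WLAN subnet, its gateway host route and the link-local range leave on wlan0; everything else, including the 192.168.0.0/24 LAN, is sent into tun0.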