
Samba share not accessible from a VPN client



Consider a LAN with a Debian machine as a router. The Debian machine
has three interfaces, eth0, eth1 and wlan0. The interface for VPN is tun0.
            ,----------.
ppp0 <------eth1    eth0--192.168.0.0/24--->to LAN switch
            |      wlan0--192.168.5.0/24---> WLAN
            |       tun0--172.16.15.0/24---> VPN
            |__________|

                 |
            Router, Samba and VPN server machine


Now, I have generated the certificates and keys for the VPN server
for various clients.

From my iptables firewall in the router machine, I allow traffic from my
LAN and WLAN to and from my VPN. This all works, I can browse the
internet by connecting via VPN from a laptop on WLAN.

However, how do I make sure all my traffic is going through the VPN
tunnel? On a client laptop on WLAN, I have the following information
after creating a VPN connection to the VPN server machine:
---------------------------------------------------------
~$ ifconfig
eth0      Link encap:Ethernet  HWaddr <HEXNUM>
          inet6 addr: fe80::211:43ff:fe5d:d6c3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4031 errors:0 dropped:0 overruns:0 frame:0
          TX packets:326 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1056515 (1.0 MB)  TX bytes:46841 (46.8 KB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3644 (3.6 KB)  TX bytes:3644 (3.6 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.16.15.22  P-t-P:172.16.15.21  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:38 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4426 (4.4 KB)  TX bytes:4493 (4.4 KB)

wlan0     Link encap:Ethernet  HWaddr <HEXNUM>
          inet addr:192.168.5.15  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::20b:7dff:fe08:259d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2467 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2763 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1435407 (1.4 MB)  TX bytes:461844 (461.8 KB)



~$ route -n
Kernel IP routing table
Destination   Gateway       Genmask       Flags Metric Ref    Use Iface
192.168.5.1  0.0.0.0      255.255.255.255 UH    0      0        0 wlan0
172.16.15.21 0.0.0.0      255.255.255.255 UH    0      0        0 tun0
192.168.5.0  0.0.0.0      255.255.255.0   U     2      0        0 wlan0
192.168.0.0  172.16.15.21 255.255.255.0   UG    0      0        0 tun0
172.16.15.0  172.16.15.21 255.255.255.0   UG    0      0        0 tun0
169.254.0.0  0.0.0.0      255.255.0.0     U     1000   0        0 wlan0
0.0.0.0      172.16.15.21 0.0.0.0         UG    0      0        0 tun0

---------------------------------------------------------

This VPN client is on WLAN with address 192.168.5.15 and is also on VPN
(as a client, of course) with address 172.16.15.22. I am able to SSH
from a wired LAN machine to 172.16.15.22, but cannot to 192.168.5.15.
Is this expected and correct behavior?


Now, the real question. I have set up Samba with a shared folder on the
VPN server. I have configured it to listen for connections from LAN
(192.168.0.0/24) and from VPN (172.16.15.0/24). Note that Samba
connections from WLAN are not included here. I can browse the Samba
network from wireless machines fine. But I cannot do so from a wireless
machine with a VPN connection, i.e. VPN clients from my WLAN do not see
the Samba network (from Gnome Network browsing GUI). This is what I
wanted to achieve but it is not working. What am I missing here?

For reference, the relevant options in smb.conf are:
   workgroup = VPN_Server
   interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.0.0/24


Thanks.



-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

