Hello fellow mikrotik users,

I am having an issue with my OpenVPN server and my SMB fileserver.
The setup is the following:

The OpenVPN server is connected to the RB3011UiAS via ethernet on Port 5, ip address 192.168.1.238 the VPN network address space is 10.8.0.0/8.
The fileserver is running ReadyNAS and is connected via port 6, IP address 192.168.1.11.

I can successfully connect to my VPN from outside, ping my fileserver and access the internet, As soon as i try to access SMB shares directly inside the File Explorer, i get errors, saying the share can't be found. I think it is due to some routing issue from the fileserver to the VPN server but i might be wrong.

Any help is appreciated

Basic logic: if you can ping the other end, then it's not routing, it's something else.

In this particular case: can you use share from NAS if you type in windows explorer share name like this: \\192.168.1.11\sharename ? Windows filesharing depends on broadcasts to resolve names (if DNS is not available or unsuccessfull) and search for network neighbourhood. And broadcasts generally don't pass routers.

Basic logic: if you can ping the other end, then it's not routing, it's something else.

Generally it's only half true. It means that routing is correct in one direction. With strategically placed srcnat, the other direction could be broken, but the first one would still work. But in this case, SMB is TCP connection from client to server, so "if ping works, SMB should too" is true.

Does ReadyNAS allow access from everywhere? Maybe it does the same as default Windows config and allows access only from local subnet?

You need to add a route back to your VPN subnet on the SMB server or its gateway. So add a static route on the mikrotik over to your 10.8.0.0/8 net and set gw address to reach that net to 192.168.1.238. (your openvpn server)

Basic logic: if you can ping the other end, then it's not routing, it's something else.

In this particular case: can you use share from NAS if you type in windows explorer share name like this: \\192.168.1.11\sharename ? Windows filesharing depends on broadcasts to resolve names (if DNS is not available or unsuccessfull) and search for network neighbourhood. And broadcasts generally don't pass routers.

I tried accessing the SMB share directly via \\IP\\Share but it is not working.

Does ReadyNAS allow access from everywhere? Maybe it does the same as default Windows config and allows access only from local subnet?

The GUI is a nightmare, I will try to find the smb.conf and edit it accordingly.

You need to add a route back to your VPN subnet on the SMB server or its gateway. So add a static route on the mikrotik over to your 10.8.0.0/8 net and set gw address to reach that net to 192.168.1.238. (your openvpn server)

Please excuse my lack of knowledge, i tried to setup a static route today and failed miserably. Can you point me to a resource that would show how to set it up properly?

Hello, it can be a TCP/MSS issue

You need to add a route back to your VPN subnet on the SMB server or its gateway. So add a static route on the mikrotik over to your 10.8.0.0/8 net and set gw address to reach that net to 192.168.1.238. (your openvpn server)

Please excuse my lack of knowledge, i tried to setup a static route today and failed miserably. Can you point me to a resource that would show how to set it up properly?

Sure. I bet this fixes your issue. I have dealt with this issue a few times before.

So on your server, you can add a static route via the command line. The syntax is slightly different on windows vs a linux machine, but it's pretty close. If you are running samba for your SMB the syntax on the server's command shell would be "route add -net 10.8.0.0/8 gw 192.168.1.238"
Then you can run "route -n" to make sure the route was added.

You can also add that on your mikrotik via /ip route add dst-address=10.8.0.0/8 gateway=192.168.1.238 comment=route to opvn server

If doing this on a server you will want to make the route persistent so you will need to review your distro's documentation.

Cheers! and Good Luck.
KT

You can also add that on your mikrotik via /ip route add dst-address=10.8.0.0/8 gateway=192.168.1.238 comment=route to opvn server

I think this did the trick! Thank you so much, I really appreciate all the help from everyone
I was about to give up since I still can't connect to it while using Windows10. As my last desperate move i switched to Ubuntu and I can access my SMB shares. Tested with MacOS as well and both work fine. Figuring out the Windows Issue should be an easy task now.

Thanks again and cheers,
Philip

Hello fellow mikrotik users,

I am having an issue with my OpenVPN server and my SMB fileserver.
The setup is the following:

The OpenVPN server is connected to the RB3011UiAS via ethernet on Port 5, ip address 192.168.1.238 the VPN network address space is 10.8.0.0/8.
The fileserver is running ReadyNAS and is connected via port 6, IP address 192.168.1.11.

I can successfully connect to my VPN from outside, ping my fileserver and access the internet, As soon as i try to access SMB shares directly inside the File Explorer, i get errors, saying the share can't be found. I think it is due to some routing issue from the fileserver to the VPN server but i might be wrong.

Any help is appreciated

Sorry, but how have you done that? I have asked about it viewtopic.php?f=2&t=150319&p=740403&hil ... pn#p740403 but got no reply. Thanks