You definitely need a TAP connection to make samba work over VPN. We use OpenVPN host2net-accounts created with IPCop here since quite a while and it works with samba without problems. However, the speed is of course not as fast as in local net, but this is rather related to the way the SMB protocol works. ;-)

________________________________________
From: samba [samba-bounces at lists.samba.org] on behalf of Reindl Harald [h.reindl at thelounge.net]
Sent: Sunday, 1 November 2015 05:41
To: samba at lists.samba.org
Subject: Re: [Samba] Openvpn and samba: play nice together?

On 31.10.2015 at 21:45, Douglas D Germann Sr wrote:
> I'm stumped! Cannot get mount.cifs to work over a tun connection. How
> would you trouble-shoot this?
>
> 1. It cannot be openvpn causing the problem: I can ping across the
> connection both directions on all machines

TUN is a routed VPN with no broadcast over networks
TAP is a bridged VPN

so it *can* and likely is how you setup your VPN

openVPN with TUN connection works perfect here.
I configured 2 TUN connections to connect two remote offices (over DSL line) to our main site without any issue.
Here is my configuration:

Main site: samba4 AD DC server1, plus a file server1, and a dedicated openVPN server
site1: samba4 AD DC server2, plus a file server2, and a dedicated openVPN server with TUN connection to the main site
    all clients log in to this AD DC and can map share on file server2 (local) and on file server1 (located in the main site)
site2: no AD DC, but a dedicated openVPN server with TUN connection to the main site
    all clients log in to the AD DC on the main site, and map share on file server1 (located in the main site)

I think if you don't use browse function then you don't need TAP connection.
AD DC uses DNS without any broadcast.

Allen

On 11/1/2015 7:20 AM, Christian Keck wrote:
> You definitely need a TAP connection to make samba work over VPN. We use OpenVPN host2net-accounts created with IPCop here since quite a while and it works with samba without problems. However, the speed is of course not as fast as in local net, but this is rather related to the way the SMB protocol works. ;-)
>
> ________________________________________
> From: samba [samba-bounces at lists.samba.org] on behalf of Reindl Harald [h.reindl at thelounge.net]
> Sent: Sunday, 1 November 2015 05:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Openvpn and samba: play nice together?
>
> On 31.10.2015 at 21:45, Douglas D Germann Sr wrote:
>> I'm stumped! Cannot get mount.cifs to work over a tun connection. How
>> would you trouble-shoot this?
>>
>> 1. It cannot be openvpn causing the problem: I can ping across the
>> connection both directions on all machines
> TUN is a routed VPN with no broadcast over networks
> TAP is a bridged VPN
>
> so it *can* and likely is how you setup your VPN

--
Allen Chen
Network Administrator
IT
Harbourfront Centre
235 Queens Quay West, Toronto, ON M5J 2G8, Canada | harbourfrontcentre.com <http://www.harbourfrontcentre.com>
Office: +1 416 973 7973
Cell: +1 416 556 2493

Hm, I can mount cifs over tun openvpn with no problem. I never thought it to be something impossible.

2015-11-02 17:45 GMT+03:00 Allen Chen <achen at harbourfrontcentre.com>:
> openVPN with TUN connection works perfect here.
> I configured 2 TUN connections to connect two remote offices (over DSL
> line) to our main site without any issue.
> Here is my configuration:
> Main site: samba4 AD DC server1, plus a file server1, and a dedicated
> openVPN server
> site1: samba4 AD DC server2, plus a file server2, and a dedicated openVPN
> server with TUN connection to the main site
>     all clients log in to this AD DC and can map share on file
>     server2 (local) and on file server1 (located in the main site)
> site2: no AD DC, but a dedicated openVPN server with TUN connection to the
> main site
>     all clients log in to the AD DC on the main site, and map share
>     on file server1 (located in the main site)
>
> I think if you don't use browse function then you don't need TAP
> connection.
> AD DC uses DNS without any broadcast.
>
> Allen
>
> On 11/1/2015 7:20 AM, Christian Keck wrote:
>
>> You definitely need a TAP connection to make samba work over VPN. We use
>> OpenVPN host2net-accounts created with IPCop here since quite a while and
>> it works with samba without problems. However, the speed is of course not
>> as fast as in local net, but this is rather related to the way the
>> SMB protocol works. ;-)
>>
>> ________________________________________
>> From: samba [samba-bounces at lists.samba.org] on behalf of
>> Reindl Harald [h.reindl at thelounge.net]
>> Sent: Sunday, 1 November 2015 05:41
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Openvpn and samba: play nice together?
>>
>> On 31.10.2015 at 21:45, Douglas D Germann Sr wrote:
>>
>>> I'm stumped! Cannot get mount.cifs to work over a tun connection. How
>>> would you trouble-shoot this?
>>>
>>> 1. It cannot be openvpn causing the problem: I can ping across the
>>> connection both directions on all machines
>>>
>> TUN is a routed VPN with no broadcast over networks
>> TAP is a bridged VPN
>>
>> so it *can* and likely is how you setup your VPN
>>
>
> --
> Allen Chen
> Network Administrator
> IT
>
> Harbourfront Centre
>
> 235 Queens Quay West, Toronto, ON
> M5J 2G8, Canada | harbourfrontcentre.com <http://www.harbourfrontcentre.com>
> Office: +1 416 973 7973
> Cell: +1 416 556 2493

Reindl, Christian, Mueller, Karel, Allen, Krutskikh--

>> You definitely need a TAP connection to make samba work over VPN.

That is interesting, and not my experience, since I have been running another tun connection with these same computers for the last 2-3 years without any problems. Maybe I made a mistake in the set-up and am just now learning the right way! <grin>

In any event, it seems to be solved: my hosts allow line did not allow 10.8.20.0/24. When I put that in smb.conf, it started working.

So we are up and running as we speak!

Thanks for your help, folks!

:- Doug. Germann
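
The cause found in the last message (ping crosses the tunnel, but smbd refuses clients whose subnet is missing from `hosts allow`) can be checked offline. This is an added example, not part of the original thread: the sample smb.conf and the client addresses are constructed, and hostnames, netgroups and `EXCEPT` lists are not evaluated.

```python
import ipaddress

# Constructed sample: an smb.conf that admits the LAN but not the VPN subnet.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    hosts allow = 127. 192.168.1.0/24
[share]
    path = /srv/share
"""

def hosts_allow(conf_text, section="global"):
    """Return the 'hosts allow' entries of one section, or None if unset."""
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            if "".join(key.lower().split()) in ("hostsallow", "allowhosts"):
                return value.replace(",", " ").split()
    return None

def entry_matches(entry, addr):
    """Match one entry: 'ALL', CIDR or net/mask, dotted prefix, or single IP."""
    if entry.upper() == "ALL":
        return True
    if entry.endswith("."):  # dotted prefix such as '10.8.20.'
        return str(addr).startswith(entry)
    try:
        return addr in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # hostnames, netgroups: not evaluated here

def client_allowed(conf_text, client_ip):
    """True if smbd's [global] 'hosts allow' would admit this client address."""
    entries = hosts_allow(conf_text)
    if entries is None:  # parameter unset: no restriction
        return True
    if "EXCEPT" in (e.upper() for e in entries):
        raise ValueError("EXCEPT lists are not handled by this sketch")
    addr = ipaddress.ip_address(client_ip)
    return any(entry_matches(e, addr) for e in entries)
```

Run it against the real smb.conf with an address from the tunnel's client pool; a `False` result for a host that answers ping points at `hosts allow` rather than at the VPN.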