[GRLUG] OpenVPN and shares

Adam Tauno Williams awilliam at whitemice.org
Wed Feb 6 05:55:15 EST 2013


On Tue, 2013-02-05 at 19:29 -0500, Steve @ HCS wrote:
> I know this involves Windows, but I wondered if someone could point me
> in the right direction.   Linux people often seem to have a better
> handle on networking.
> On a network with a Windows machine at 192.168.0.n and a share of
> "example", I have a PFSense gateway/firewall with an OpenVPN server
> running.  Appropriate firewall rules seem to be made for the OpenVPN
> (Port 1194 to outside IP).
> On the client side of the OpenVPN tunnel that is connected, I can ping
> 192.168.0.n, but I cannot map a drive to \\192.168.0.n\example
> I get "network path not found"

\\{HOSTIP}\... may not work, depending on the type of authentication in
play.  If you use a FQDN to connect then Kerberos will be tried first;
if that fails or the name is not a FQDN then the system falls back to NTLM.
That may or may not be permitted on the server by the server's
configuration or domain policy.

And you shouldn't have to use \\{HOSTIP}\... ever.  Your configuration
is incomplete if it does not provide naming.  It will fail in a myriad
of interesting ways.   I'd try to find a simpler service to test
connectivity with [SMTP, SSH, TELNET] and make sure that works before
descending into the murk of CIFS/SMB.

The server may permit connections to shares only from @LOCAL devices -
those on the same subnet as itself.  This is probably the default
configuration of the firewall once File-And-Print have been enabled.
Then your VPN client would be prohibited.

VPNs are generally much simpler to deal with - *especially* from Windows
clients, which generally do not have anything like routed/gated/zebra.

> Firewall and OpenVPN logs on the host side don't show anything
> amiss.     ???
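
An added example, not part of the original thread: a small TCP probe for the case described above, where ping succeeds but the share does not map. It separates "silently dropped" (consistent with a local-subnet-only firewall scope) from "reset" and "open"; the script name smbprobe.py and the wording of the hints are assumptions made for this illustration.

```python
import socket
import sys

# Standard ports: 445 = SMB over TCP, 139 = NetBIOS session service.
SMB_PORTS = (445, 139)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer: typically a firewall dropping the packet
    except ConnectionRefusedError:
        return "refused"       # RST came back: host reachable, port closed or rejected
    except OSError:
        return "unreachable"   # no route, host down, or name did not resolve
    finally:
        sock.close()


def diagnose(states):
    """Map per-port probe results to the layer most likely at fault."""
    values = list(states.values())
    if "open" in values:
        return "transport ok: look at naming and authentication (Kerberos/NTLM)"
    if all(v == "filtered" for v in values):
        return "dropped silently: check server firewall scope for the VPN subnet"
    if all(v == "refused" for v in values):
        return "reset received: file sharing not listening, or a rejecting rule"
    return "mixed or unreachable: check routing between VPN and LAN subnets"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: smbprobe.py HOST")
    results = {port: probe(sys.argv[1], port) for port in SMB_PORTS}
    for port, state in results.items():
        print(f"{sys.argv[1]}:{port} -> {state}")
    print(diagnose(results))
```

Run it from the VPN client against the file server's address, then again from a machine on the server's own subnet; a difference between the two runs points at the firewall scope rather than at SMB itself.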


