#1 2017-01-14 23:21:27

jbodhorn
Member
Registered: 2015-12-11
Posts: 130

remote access nfs/samba shares of home network through openvpn server

I've been playing around with openvpn server, samba, and nfs. I've managed to get an openvpn server running, clients connect just fine, and all their network traffic is routed through the openvpn server. I'd like to be able to access either nfs shares, samba shares, or both through my openvpn server, mainly the shares of my NAS, but it'd be nice to be able to access any shares on my home network. My NAS isn't the same box as the openvpn server, though I guess it could be if that would make things easier or more secure. Would having network shares accessible through my openvpn server be bad security-wise?

I know samba has these options:

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = net0
# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#	a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.0.12 192.168.0.30
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.0.30 10.8.0.1

I also know that openvpn server has the option for client to client communication. If I set up client to client communication in openvpn and use remote browse sync/remote announce in samba will this allow me to access my samba shares through openvpn? With client to client communication in openvpn do I even need to use remote browse sync/remote announce if one of the clients in the client to client communication is the samba/nfs server I wish to access? What about mounting my network shares to my openvpn server, could I then access them through the vpn?

I'm seeking any input on what the best way to do this is without compromising the security of our home network. If there is a better option I'd love to hear it. The main shares I wish to have access to are on my NAS, which like most of my laptops is running Arch; its shares are ntfs formatted 1tb usb 3.0 drives. I realize having the drives formatted to ext4 would probably give me better transfer rates, but every once in a while I end up shutting down the server and connecting the drives directly to other computers, some of which run Windows.

I can access my NAS shares through sshfs, nfs, ftp w/tls, or samba. It seems like nfs could be significantly faster than samba but I'm not really sure; transfer rates on large files start fast but end up at a crawl. I'm not at all sure how to make nfs accessible through vpn; at least with samba I have some ideas to play around with. I usually use ftp for transferring large or many files to and from my NAS as that tends to be what I get the most consistent and fastest transfer rates through.

#2 2017-01-15 01:42:48

jbodhorn
Member
Registered: 2015-12-11
Posts: 130

Re: remote access nfs/samba shares of home network through openvpn server

Ugh... I don't think I can even do client to client on my openvpn server because there is no option to add a static route in my router/cable modem. I'm not yet sure if it will help but I did find this https://community.openvpn.net/openvpn/wiki/NatHack
I was trying to use the client to client option in my openvpn server config with

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.0.0 255.255.255.0"

I believe that, since I have no way of adding a static route in my router/cable modem, this is why my clients can't see/connect to each other. Do I have any options other than the nat hack link I posted above?

Atm I think the only way I could access my NAS through vpn is if I use the NAS as my vpn server. I was able to set up a samba share on my vpn server and mount it through the vpn tunnel; that would work, but it wouldn't get client to client connections working.
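
The return-route requirement quoted from the server config in post #2, modelled as an added example (not part of the original thread and not OpenVPN code): it does a longest-prefix lookup on a LAN host's routing table to show where that host sends its reply to a VPN client. The router, VPN server and client addresses are assumptions constructed for the example; only 10.8.0.0/24 and 192.168.0.0/24 come from the thread.

```python
import ipaddress

# From the thread: OpenVPN client pool and the LAN pushed to clients.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
LAN = ipaddress.ip_network("192.168.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Assumed addresses, constructed for this example (not given in the thread).
ROUTER = "192.168.0.1"           # cable modem/router, no static routes possible
VPN_SERVER_LAN = "192.168.0.10"  # OpenVPN server's LAN-side address
CLIENT = "10.8.0.6"              # a connected VPN client


def next_hop(routes, dst):
    """Longest-prefix match. routes: list of (network, gateway or None if on-link)."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw if gw is not None else dst  # on-link: deliver directly


def reply_path(lan_host_routes, client_ip, masquerade=False):
    """Where a LAN host (e.g. the NAS) sends its reply to a VPN client's request."""
    # With source NAT on the VPN server, the LAN host sees the server's LAN
    # address as the source, so the client pool never appears on the LAN.
    seen_src = VPN_SERVER_LAN if masquerade else client_ip
    hop = next_hop(lan_host_routes, seen_src)
    return "via-vpn-server" if hop == VPN_SERVER_LAN else f"lost-at-{hop}"


# Typical LAN host: on-link LAN plus a default route to the router.
stock = [(LAN, None), (DEFAULT, ROUTER)]
# Same host with a per-host route for the VPN pool (no router change needed).
with_route = stock + [(VPN_POOL, VPN_SERVER_LAN)]

if __name__ == "__main__":
    print("no return route :", reply_path(stock, CLIENT))
    print("per-host route  :", reply_path(with_route, CLIENT))
    print("NAT on server   :", reply_path(stock, CLIENT, masquerade=True))
```

With source NAT, the share server's logs and host-based access rules see every VPN client as the VPN server's LAN address, so per-client restrictions then have to be enforced on the VPN server itself.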
