OpenVPN server can't see client's LAN on Site to site connection

you can try to use WINS server, it should work
run Samba in your router, and let it be both WINS server and Master browser
setup in all routers in your network to get WINS IP from "main" Samba/WINS running router

you should do it in DHCP - WINS IP address, for all computers to get WINS IP address from ASUS router where Samba and WINS are running
after computer restart (I guess you use windows) check with ipconfig /all if you see WINS IP address
try to ping WINS IP just to be sure it is fine

you should be able to see computers and their shares after that, as one big network
 
WINS is not enough, necessary for sure. It should work, but it's not. One router must be a domain master browser and local master browser, others only local browsers with os priority maximum. Besides it is needed to add these lines in smb.conf on both ends:
remote browse sync = 192.168.1.1
remote announce = 192.168.1.1/WORKGROUP
You can read this https://www.samba.org/samba/docs/man/Samba3-HOWTO/NetworkBrowsing.html if someone interested.
 
I have another problem. I'm trying to make port forwarding to another router through VPN. And it's not working! I make port 8085, local ip 192.168.3.1, local port 80, protocol TCP
 
@Valentino - I didn't know you got this working?

I thought you are asking me how to do it. Since I don't use hostnames at the moment, but rather IP addresses from server and NAS (all are static) to map folders on other side of OpenVPN tunnel

I just simply map folders like \\192.168.x.xxx and it works fine, users can open, edit and share files, which makes them happy

it would be more elegant to have everything available by hostname, that would be my next step to try
how do you add these lines to smb.conf ?? in /jffs/config or somewhere else?

your idea is good, if we can get all this done with Asus router, without using separate servers it would be great :)
 
yes, in jffs/config/smb.conf.add
my server config:
[global]
remote browse sync = 192.168.2.1 192.168.3.1 192.168.0.1 192.168.4.1
remote announce = 192.168.2.1/WORKGROUP 192.168.3.1/WORKGROUP 192.168.0.1/WORKGROUP 192.168.4.1/WORKGROUP
bind interfaces only = no
log level = 3
client config:
[global]
domain master = no
local master = yes
preferred master = yes
remote browse sync = 192.168.1.1
remote announce = 192.168.1.1/WORKGROUP

I haven't tested it completely. I just saw that pcs are in network neighborhood, but I couldn't open them. Didn't have time to try more...
 
can you open network shares on PCs by IP \\192.168.x.xxx ??
can you ping remote PCs by hostname?

if sharing works with IP \\192.168.x.xxx and you have access it is already 50% done
if ping by hostname works, it is other 50% - I think :)
 
I have tested yesterday a little...
So, command in openvpn push "dhcp-option WINS 192.168.1.1" doesn't work. Merlin, why? After I entered wins server = 192.168.1.1 in smb.conf on client with tomato, I could access router through neighborhood. Didn't try with pc yet, but I can see it, but can't access. It's because the PC doesn't have a WINS server configured, next restart will do I think.
But with another Merlin router it didn't help. I configured WINS everywhere I could, but couldn't access it, only by ip address \\192.168.3.1
 
I think openvpn push "dhcp-option WINS 192.168.1.1" is only for the clients (PCs) not for the routers, because I don't see how could OpenVPN override DHCP Server settings on router (let's say there is some other WINS server IP, or no IP at all)

when you try to open remote PC shares by \\IP\share_name and make sure it works, you will be half way there
maybe windows firewall is blocking your access
 
It's not half, it's a complete victory! :) One router with Tomato works by \\IP\share_name, so another with Merlin is left...
No, Windows firewall is not blocking...
 
I don't know why, but Merlin firmware doesn't work correctly in this case. I see router in network neighborhood, but when I click on it, an error comes up. All WINS and DNS records of server router are correctly assigned. Maybe samba version doesn't support something? How do I check samba version? Tomato router works correctly...
 
Guys, please help. Can't make shares work correctly. I see shared PCs in Network Neighborhood, but can't access them. When I click on a pc, it can't be opened. I can only access PC behind the Tomato router.
 
It seems I solved that problem. I corrected "interfaces =" in smb.conf and added "wins proxy = yes" on client.
But still can't open Windows7 Pc share on the remote network...
 
I would have to find the time to setup a complete lab setup with two separate LANs to be able to test and implement it. At this time this isn't a priority, but I'm not opposed to adding this in the future.
Hi. any news? When you can fix OpenVPN site-to-site feature.
Thanks
 
This still isn't a priority, and there are people who are already running site-to-site, so it's already functional.
 
I think I got it!
https://community.openvpn.net/openvpn/wiki/RoutedLans
trick is here:
OpenVPN Server side (192.168.0.0/24)
VPN Details: Advanced settings

Manage Client-Specific Options Yes
Allow Client <-> Client Yes
Allow only specified clients No

Custom Configuration
Code:
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"

create on OpenVPN SERVER side (192.168.0.0/24):
/jffs/configs/openvpn/ccd1/

file named "client" - this should be common name, if you have changed it, you should name it accordingly
and put this code inside
Code:
iroute 192.168.1.0 255.255.255.0

reboot OpenVPN server, reboot OpenVPN client
*change 192.168.1.0 address to your CLIENT LAN subnet, it could be different
*change 192.168.0.0 address to your SERVER LAN subnet, it could be different

now in OpenVPN status (server side) you should see this
Routes
Virtual Address Common Name Real Address Last Ref
10.8.0.6 client Sun May 31 02:08:38 2015
192.168.1.0/24 client Sun May 31 02:05:23 2015

from Server side (Asus router), I can ping Client LAN computers :)

@Merlin - what do you think about including OpenVPN site-to-site feature in next firmware release, at least as experimental feature? It should be dead simple to create one script
Hi.
This solution works. Thank you.
But there is a Problem. From the guest network (openvpn client router) is seen Network (openvpn server router).
Any idea how to solve the problem?
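
Added example (not part of the original posts, and not Asuswrt-Merlin or OpenVPN project code): a small Python check that the `route` line in the server's custom configuration and the `iroute` lines in the client-specific files agree, as the steps quoted above require. It goes beyond the single-client case in the thread by also flagging overlapping `iroute` claims; the second client `client2` and all sample text are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

def directives(text):
    """Yield each config line as a token list, skipping '#' and ';' comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)

def networks(text, keyword):
    """Collect '<keyword> <network> [netmask]' lines as IPv4Network objects.
    Assumes dotted-quad values; a malformed network raises ValueError."""
    found = set()
    for tok in directives(text):
        if tok[0] == keyword and len(tok) >= 2:
            mask = tok[2] if len(tok) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{tok[1]}/{mask}"))
    return found

def check_site_to_site(server_conf, ccd_files):
    """Return findings for a server config and {common_name: ccd file text}."""
    findings = []
    routes = networks(server_conf, "route")
    owners = {}  # iroute network -> common name that claims it
    for name, text in sorted(ccd_files.items()):
        for net in sorted(networks(text, "iroute")):
            if net not in routes:
                findings.append(f"{name}: iroute {net} has no matching server route")
            for other_net, other in owners.items():
                if other != name and net.overlaps(other_net):
                    findings.append(f"{name}: iroute {net} overlaps {other_net} of {other}")
            owners[net] = name
    for net in sorted(routes - set(owners)):
        findings.append(f"server: route {net} is not claimed by any iroute")
    return findings

# Constructed sample input, modelled on the directives quoted in the thread.
SERVER_CONF = '''
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
'''
CCD_OK = {"client": "iroute 192.168.1.0 255.255.255.0\n"}
# Hypothetical second client that claims part of the first client's LAN.
CCD_BAD = dict(CCD_OK, client2="iroute 192.168.1.128 255.255.255.128\n")

if __name__ == "__main__":
    for finding in check_site_to_site(SERVER_CONF, CCD_BAD):
        print(finding)
```

Each client-specific file ties one certificate common name to a LAN subnet, so an overlapping `iroute` under another name makes it ambiguous which peer receives that subnet's traffic and is worth catching before the server is restarted.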
 
Hi all.
Site to site vpn works, but there is one more big problem. I can see pcs of remote networks in network neighborhood, but I can't enter into them to see shares! I can see routers shares and access them, I can even ping pcs, but can't access their shares! It's very strange.
Please, assist!
 
Check those PC's firewalls. For instance, Norton Security by default will block clients as they come from a different subnet.
 
Thank you. It helped. Firewall was the reason. Now I can access pcs by ip address and see pcs in network neighborhood, but can't access them by name, clicking on its name in network neighborhood!
What can be the reason???
 
Name resolution over VPN is tricky. The VPN client will have to use the router's DNS server for it to work.