Menu
What's new
By:
Filters Better Search

Openvpn pre-configured?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sinshiva said:
would you mind dumping the contents of /etc/smb.conf here?
Click to expand...

Code: 
[global]
workgroup = WORKGROUP
netbios name = RT-AC68U
server string = RT-AC68U
unix charset = UTF8
display charset = UTF8
log file = /var/log.samba
log level = 0
max log size = 5
security = USER
guest ok = no
map to guest = Bad User
encrypt passwords = yes
pam password change = no
null passwords = yes
max protocol = NT1
passdb backend = smbpasswd
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
force directory mode = 0777
force create mode = 0777
max connections = 5
obey pam restrictions = no
use spnego = no
client use spnego = no
disable spoolss = yes
host msdfs = no
strict allocate = No
bind interfaces only = yes
interfaces = br0 192.168.1.1/255.255.255.0 
use sendfile = yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
dos filemode = yes
oplocks = yes
level2 oplocks = yes
kernel oplocks = no
wide links = no

And below that is my shares.
 
ok, you'll need to make a copy of that whole config to /jffs/configs/smb.conf

before your shares, add;

hosts deny = 10.16.0.0/16

then, run;

service restart_nasapps

which should overwrite /etc/smb.conf when it reloads, if not, reboot
 
sinshiva said:
ok, you'll need to make a copy of that whole config to /jffs/configs/smb.conf

before your shares, add;

hosts deny = 10.16.0.0/16

then, run;

service restart_nasapps

which should overwrite /etc/smb.conf when it reloads, if not, reboot
Click to expand...

Seems to work, really really thank you.
But how come its not blocket by iptables?

This command:
iptables -I FORWARD -s 10.16.0.0/24 -d 192.168.1.0/24 -j DROP
Blocks access to my other LAN smb shares.
While the iptables for tun22 don´t block for the routers smb share. Just wonder why?


Is there some risk that more things are open at this vpn connection or is it safe if I do like this:
Code: 
iptables -I FORWARD -s 10.16.0.0/24 -d 192.168.1.0/24 -j DROP
iptables -I INPUT -i tun22 -p udp ! --dport 53 -j DROP
iptables -I INPUT -i tun22 -p tcp -j DROP

Then
Code: 
hosts deny = 10.16.0.0/16
in /jffs/configs/smb.conf

This way this vpn connection only passess traffic through my ip and can´t access my LAN at all? Correct?

Edit: One last question, why are we only blocking one port @ udp, but all @ tcp?
Edit2: Now I start to understand, we are in fact blocking all udp but not port 53, since there is a "!" ?
 
Last edited:
You must log in or register to reply here.

Similar threads

A
cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback
Replies
2
Views
4K
Martinski
M
Preskitt.man
setup ac68U as bridge to eero network for vpn support
Replies
18
Views
1K
heysoundude
heysoundude
M
merlin 386.1, ovpn client 3.4.1, "error:0A00018E:SSLroutines::ca mtd too week [ERR]"
Replies
3
Views
353
Ripshod
Ripshod
abhi.ko
OpenVPN Setup Question
2 3
Replies
48
Views
3K
L&LD
L&LD
S
VPN blocking MMS text messages
Replies
8
Views
598
Piotrek
P
Similar threads
Thread starter Title Forum Replies Date
E OpenVPN TAP internet access problem Asuswrt-Merlin 0
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
M OpenVPN / site to site with special security/routing constraints Asuswrt-Merlin 7
R OpenVPN keeps on turning itself off Asuswrt-Merlin 40
M Best router for wireguard or openVPN Asuswrt-Merlin 1
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
A Upgraded my ASUS, issues with NordVPN via OpenVPN Asuswrt-Merlin 4
G openvpn server: can not change/select data cipher Asuswrt-Merlin 1
Blankedy AC86U OpenVPN server whilst in AP mode Asuswrt-Merlin 3
M For AX68U and AX86S Merlin users: openvpn server - max user qty? Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 914 (members: 23, guests: 891)
Top