4

I'm sure this problem must have been solved a thousand times but nothing I do seems to work.

Summary: On Windows 10 client, using file explorer, and OpenVPN Connect client 3.3.4, can't access a NAS via SMB on which OpenVPN server (2.4.11 arm-openwrt-linux-gnu) is running.

Works:

  • Can connect to SMB share via Windows 10 file explorer when on the LAN (not using OpenVPN) using guest access (no user login prompt)
  • OpenVPN Connect client connects to OpenVPN server and can access LAN web servers, ping machines, etc
  • Can connect to port 445 on NAS via raw TCP connection
  • Can access the NAS files via SMB using Android OpenVPN Connect and an SMB file browser using SMB guest access

Doesn't work:

  • Connecting to SMB share from Windows 10 file explorer. Prompts for a user/pass (it shouldn't, though it indicated a successful connection the TCP level at least). Fails whatever username is used

Tried on the Windows 10 client (including various combinations):

  • Made the adapter OpenVPN client creates into a Private Network via gpedit.msi
  • Turned on File Sharing and Network Discovery for Public networks

Tried on the NAS:

  • Created an SMB user and tried logging in with that
  • In OpenVPN server setting, force all traffic via VPN (to ensure Windows wasn't bypassing VPN when trying to establish SMB connection)
  • Ensured SMBv1 is disabled

So, it seems like a problem either on the OpenVPN client config or Windows is being "clever" and "protecting" me, but nothing I do enables me to access the SMB share on the NAS via OpenVPN.

UPDATE: Defininately a Windows problem. On the same Windows client machine, tried a Linux VM, with OpenVPN connected in the host and the VM using this connection, then in the file manager (KDE Dolphin) accessing smb://192.168.0.1 works no problem. So why doesn't it work in the Windows host? Why does it keep asking for a user/pass?

UPDATE: Well, according to Windows diagnostics, apparently "SMBHelperClass LowHealth diagnosis status 1 [DS_CONFIRMED] HRESULT 0 [64 ms] description: Your user account doesn't have permission to access "disk". Which is nonsense, it's accessible as a guest with no user/pass.

Balvik
  • 41
  • 1
  • 3

1 Answers1

0

For posterity's sake, is was caused by an apparently well-known Windows security feature which disallows guest access using SMB2. I thought is was an SMB server or OpenVPN problem (hence asking on ServerFault instead of Superuser). Quite why it worked fine on the LAN but not over OpenVPN is a mystery. Perhaps if the Windows client sees the guest access is to a SMB server on the same LAN it'll allow it, otherwise not.

Anyway, solution is to add AllowInsecureGuestAuth key with value 1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters AND enter a random username (Window still asked for username/password even though there is none).

Balvik
  • 41
  • 1
  • 3