
I've got an NFS mount set up on my development server, which I have been mounting on local machines without issue. I've now been trying to mount the same NFS share on the same machine (openSUSE laptop), this time through a VPN from outside the office, but it comes up with the following error:

```
mount.nfs: Operation not permitted
```

Export file on the development server:

```
/var/www *(rw,all_squash,async,anonuid=500,anongid=500)
```

NFS options specified on development server:

```
# Server Mountd Protocol
mountproto=udp
# Server Port
Port=2049
```

Mount command used which works locally but not through VPN:

```
sudo mount 192.168.7.2:/var/www /var/www
```

VPN config:

```
client
resolv-retry 20
keepalive 10 60
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
cert keys/{{ key name }}.crt
key keys/{{ key name }}.key
ca keys/{{ key name }}.crt
remote {{ office ip address }} 1194 # public address
remote {{ office ip address }} 1194 # static WAN 1
```

Ran using:

```
/usr/sbin/openvpn --config {{ config name  }}.conf
```

I should note that besides NFS the VPN works fine: I'm able to use virt_manager with the office KVM host, ssh into local servers and also ssh into remote servers locked to the office's IP address. The NFS share is on a CentOS 6.8 server and the laptop I'm attempting to mount the share on is running openSUSE Leap 42.1. I'm able to ssh into the machine running the NFS mount through the VPN too, and the fact that the NFS share (CentOS server) is logging the following error in /var/log/messages when I attempt to mount makes me think it must be connecting to the server fine:

```
authenticated mount request from 192.168.1.90:992 for /var/www (/var/www)
```
robbiedyer
  • Check for firewalls. And re-evaluate your decision to run NFS over UDP. – Michael Hampton Dec 19 '16 at 09:43
  • I was under the impression using UDP may improve speed, although I'd not tried it since making this change, admittedly. The firewalls on both the server and the laptop have been disabled. – robbiedyer Dec 19 '16 at 09:53
  • Running NFS over UDP only makes it unreliable. As for firewalls, you need to check for other firewalls, such as on the VPN endpoint or elsewhere on the network between here and there. – Michael Hampton Dec 19 '16 at 17:21
  • Do you by any chance have something in hosts.allow and/or hosts.deny? – Peter Zhabin Dec 19 '16 at 17:23
  • Both hosts.allow and hosts.deny files are empty. Cheers for the tip on UDP, I'll remove that option. I assumed the risk of missing packets must be offset by increased speed, but I guess that's not the case. – robbiedyer Dec 19 '16 at 21:12
  • I've since discovered that the issue is due to the VPN being configured to give IP addresses in a different subnet, which results in the NFS client's IP address appearing to be the same as the gateway. This meant the NFS server was unable to communicate with the client. – robbiedyer Dec 21 '16 at 09:27
  • Did you check the content of `/etc/exports`? Is anything else configured in there? – Bogdan Stoica Feb 04 '19 at 14:37
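
The address mismatch described in the comments above can be checked by comparing the source that `rpc.mountd` logged with the addresses the client actually owns. This is an added example, not part of the original thread; the tunnel and Wi-Fi addresses and the LAN client `192.168.7.23` are constructed sample values, and only the first log line comes from the question.

```python
import ipaddress
import re

# Shape of the rpc.mountd line quoted in the question.
MOUNT_RE = re.compile(
    r"authenticated mount request from (?P<ip>[\d.]+):(?P<port>\d+) "
    r"for (?P<path>\S+) \((?P<export>\S+)\)"
)

def parse_mount_request(line):
    """Return (source_ip, source_port, export), or None for unrelated lines."""
    m = MOUNT_RE.search(line)
    if m is None:
        return None
    return ipaddress.ip_address(m["ip"]), int(m["port"]), m["export"]

def check_mount_source(line, client_addrs):
    """Compare the source the server saw with addresses the client owns."""
    parsed = parse_mount_request(line)
    if parsed is None:
        return None
    src, port, export = parsed
    owned = {ipaddress.ip_address(a) for a in client_addrs}
    return {
        "export": export,
        "source": str(src),
        # False: the server is seeing another host's address for this
        # client (in the thread, the gateway's).
        "source_is_client": src in owned,
        # Ports below 1024 satisfy the default "secure" export option,
        # which rules that option out as the cause of a refusal.
        "privileged_port": port < 1024,
    }

# Log line from the question; client addresses are constructed samples.
VPN_LINE = ("authenticated mount request from 192.168.1.90:992 "
            "for /var/www (/var/www)")
VPN_CLIENT_ADDRS = ["10.8.0.6", "192.168.43.17"]  # tun0, wlan0 (assumed)

# Constructed line for a client on the server's own LAN.
LAN_LINE = ("authenticated mount request from 192.168.7.23:850 "
            "for /var/www (/var/www)")
LAN_CLIENT_ADDRS = ["192.168.7.23"]

if __name__ == "__main__":
    for line, addrs in ((VPN_LINE, VPN_CLIENT_ADDRS),
                        (LAN_LINE, LAN_CLIENT_ADDRS)):
        print(check_mount_source(line, addrs))
```

On the client, the list of owned addresses would come from `ip -o addr show`.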

0 Answers