[Samba] Samba 3 can't listen on VPN / tun interfaces?
Tomasz Chmielewski
mangoo at mch.one.pl
Wed Nov 24 23:11:10 GMT 2004
rruegner wrote:
> Hi,
> pleases read the faqs from openvpn,
> you will find that only tap interfaces are working
> with windows/samba, but youre in a luck that it isnt a big problem to
> setup them
quite the contrary, switching from tun to tap appeared to be a big
problem - I spent a couple of hours trying to figure out why can't I
reach or ping hosts on the other side of the VPN when I use tap (using
tun it wasn't a problem at all).
So here is the solution if someone had a similar problem (both sides are
running Linux 2.6 and OpenVPN 1.6):
Side A - standalone server:
openvpn --remote remote-side-B.tld --dev tap --ifconfig 192.168.5.2
255.255.255.0 --verb 4 --comp-lzo --resolv-retry 999999 --ping-restart
120 --ping 60 --port 5001 --daemon
route add -net 192.168.0.0/24 gw 192.168.5.2 dev tap0
Side B - a server + LAN:
openvpn --remote remote-side-B --dev tap --ifconfig 192.168.0.232
255.255.255.0 --verb 4 --comp-lzo --resolv-retry 999999 --ping-restart
120 --ping60 --port 5001 --daemon
route add -host 192.168.5.2 gw 192.168.0.232 dev tap0
echo "1">/proc/sys/net/ipv4/conf/tap0/proxy_arp
The last line (echo ... proxy_arp) is necessary if you want to reach LAN
clients from Side A! This is not necessary with tun however.
I was getting something like this if I didn't set it (and couldnt ping
nor reach any machine):
linux:~ # tcpdump -i tap0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
21:36:43.553713 arp who-has pc009 tell 192.168.5.2
21:36:44.552816 arp who-has pc009 tell 192.168.5.2
Don't forget to setup a right routing on LAN clients (if necessary).
Tomek
More information about the samba
mailing list