[Samba] Samba 3 can't listen on VPN / tun interfaces?

Tomasz Chmielewski mangoo at mch.one.pl
Wed Nov 24 23:11:10 GMT 2004

rruegner wrote:
> Hi,
> pleases read the faqs from openvpn,
> you will find that only tap interfaces are working
> with windows/samba, but youre in a luck that it isnt a big problem to 
> setup them

quite the contrary, switching from tun to tap appeared to be a big 
problem - I spent a couple of hours trying to figure out why can't I 
reach or ping hosts on the other side of the VPN when I use tap (using 
tun it wasn't a problem at all).

So here is the solution if someone had a similar problem (both sides are 
running Linux 2.6 and OpenVPN 1.6):

Side A - standalone server:

openvpn --remote remote-side-B.tld --dev tap --ifconfig --verb 4 --comp-lzo --resolv-retry 999999 --ping-restart 
120 --ping 60 --port 5001 --daemon

route add -net gw dev tap0

Side B - a server + LAN:

openvpn --remote remote-side-B --dev tap --ifconfig --verb 4 --comp-lzo --resolv-retry 999999 --ping-restart 
120 --ping60 --port 5001 --daemon

route add -host gw dev tap0

echo "1">/proc/sys/net/ipv4/conf/tap0/proxy_arp

The last line (echo ... proxy_arp) is necessary if you want to reach LAN 
clients from Side A! This is not necessary with tun however.

I was getting something like this if I didn't set it (and couldnt ping 
nor reach any machine):

linux:~ # tcpdump -i tap0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
21:36:43.553713 arp who-has pc009 tell
21:36:44.552816 arp who-has pc009 tell

Don't forget to setup a right routing on LAN clients (if necessary).


More information about the samba mailing list