SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)

    VPN with Samba Share

    Okay, so I'm not the most network savvy person, in fact, I got out of that area intentionally because it just wasn't for me. But I have a scenario where I need to mount a network drive on a Windows machine that is to a samba share on a NAS.

    Now this works great locally, absolutely no problems what-so-ever. However, when we are travelling, obviously this doesn't work and now I need it to. Would utilizing a VPN to the NAS resolve this issue?

    The steps taken when locally:
    1) Connect to SAMBA share directly (as they are on the same network)

    The steps taken when not on the same network:
    1) Connect the VPN
    2) Connect to SAMBA share (as the VPN should make it seem like it is on the same network)

    Is this correct? Or am I missing something?

  2. #2
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,554
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    Yes. You'll need a VPN endpoint - this could be the router on the NAS network if it provides this facility, or another PC on the network. Some NAS can act as the VPN endpoint in which case the router might have to support VPN pass through
    Last edited by EastCoast; Jan 5, 2013 at 11:49.

  3. #3
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Good, now to give it a try and see if it works

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Success. The VPN approach worked great. I did have to enable ipv4 and ipv6 forwarding, but I think that is expected given I wanted to map a drive (does that sound right?).

  5. #5
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,554
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    You need to be careful with port forwarding as it can open up internal network nodes to scanning and potential attack. As long as the port forwarding is vpn specific rather than to any incoming IP you should be ok. You can test this by disconnecting your remote vpn client, and trying to connect to other NAS connection ports at the router's external IP e.g ftp/http. Even if this is was the case, as long as the NAS has been properly set up (no default passwords for any services, and any unrequired services switched off) you should be ok.

  6. #6
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by EastCoast View Post
    You need to be careful with port forwarding as it can open up internal network nodes to scanning and potential attack. As long as the port forwarding is vpn specific rather than to any incoming IP you should be ok. You can test this by disconnecting your remote vpn client, and trying to connect to other NAS connection ports at the router's external IP e.g ftp/http. Even if this is was the case, as long as the NAS has been properly set up (no default passwords for any services, and any unrequired services switched off) you should be ok.
    I think I'm okay based on that description, as the network shares require usernames and passwords and are only available on a specific network internally (I have 2 wireless networks, a guest network and a personal network -- only the personal network as access to the NAS).

    When I turn off the VPN and try to connect to the NAS, it fails to do so because the IP range isn't valid (when on the guest network or an outside network).
    When I am on the personal network, accessing the NAS is available as long as you have a valid username and password (both on the NAS and setup within SAMBA).

    As an aside, I must not have done my test right the other day, as I just disabled IP forwarding and I can connect my map network drive just fine still...
    http://www.howtogeek.com/51237/setti...ver-on-debian/

    So I guess I am confused on when IP forwarding would be needed. Do you only need it if you have separate subnets that are only accessible from behind the VPN server?

  7. #7
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,649
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Depending on the bandwidth and quality of the connection I'd be real leery about this. SMB was never meant to be a WAN protocol. VPNs help or at least can help manage the security side of things but you still have exigencies of transiting the public internet to deal with.

  8. #8
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Depending on the bandwidth and quality of the connection I'd be real leery about this. SMB was never meant to be a WAN protocol. VPNs help or at least can help manage the security side of things but you still have exigencies of transiting the public internet to deal with.
    Its for personal use only. It seems my wife's laptop's recent issues deal with the portable hard drive it has been connected to, which causes it to lock up. So instead of using a portable hard drive as a temporary medium to getting our photos from her laptop via SD card to my NAS, I'm using a SAMBA share to give direct/writeable access to her laptop. Now that all works fine without any issues when we are home. When we are traveling, the VPN will help bridge that gap so she can still connect to the SAMBA share.

    I'm open to other alternatives for sharing directories over a network (instead of SAMBA), but they must be capable of working with Windows 7 and other Linux boxes.

  9. #9
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,649
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Gotcha. That could work file copies tend to be pretty robust and if they fail you can always try again. Now, there could be a challenge in encouraging her not do something like work on a word document remotely. Random disk access is the issue.

  10. #10
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,214
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Gotcha. That could work file copies tend to be pretty robust and if they fail you can always try again. Now, there could be a challenge in encouraging her not do something like work on a word document remotely. Random disk access is the issue.
    Ah, we are okay there, the share is specific for our photos, so she won't be really editing them from remote (except maybe orientation). All other processing she needs to do, email, documents, etc are done locally and backed up using CrashPlan which copies them to remote locations automatically.

    Thing is, I didn't want CrashPlan backing up duplicates of photos all over the place, so by making this share, CrashPlan only needs to worry about the photos on the share, and nowhere else (which is nice, as if I need to do a restore, I don't have to figure out which duplicate is the latest version).

    Edit:

    Should mention that CrashPlan isn't looking at the share, but is running on the NAS and backing up the local directory that is shared


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •