No SMB access via VPN

Currently reading
No SMB access via VPN

DeltaGolf

DeltaGolf

212
30
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
I'm trying to access a remote Synology using SMB from a Mac. I'm connecting via VPN. I can't get to my files!

The VPN is taken care of by another device, not the Synology. I have a point to point connection. That works, I can access the router for example over the VPN. Requesting smb://192.168.1.1 just gets an error, 'something is wrong'. (Yes, my LAN has a different address, that's just an example!)

I can access a local Synology via SMB no problem, in fact SMB has been very stable on Macs recently - not always the case in the past.

I can ping the remote Synology on its LAN address and it responds. So I'm sure I'm connected fine over the VPN and its working. But something is stopping me accessing it via SMB. It's not a Synology firewall and in any case local users haven't been complaining about access. It's just me over VPN.

FWIW the Synology is still on DSM 6 point whatever.

Thanks for any pointers...

PS same when trying from an iPad, so its not a macOS issue
 
Sort by date Sort by votes
Rusty said:
How can you be sure?
Click to expand...
Because the Synology DSM Firewall is not enabled?

Assuming Control Panel Connectivity -> Security -> Firewall

Oh, and in other news, this is now true of two Synologys. I can't access SMB using VPN on either. There is a possibility its a firewall on the router issue. Both have new routers... But I can access their interfaces, just not get onto their LANs.
 
Upvote 0
Sorry, was being specific about the VPN not being on the Syno, forget to be clear on the FW.

Anyways, I can access my local Synology on my local LAN via telnet.

Code: 
deltagolf@deltaMac ~ % telnet 192.168.1.123 445
Trying 192.168.1.123...
Connected to synology.fritz.box.
Escape character is '^]'.

But not to the Synology on the remote site via VPN

Code: 
Trying 192.168.2.123...
telnet: connect to address 192.168.2.123: Operation timed out
telnet: Unable to connect to remote host

Port 445 is not specifically opened on the firewall. But neither is whatever the VPN ports are (500?), Fritz takes care of that. And all of this has worked in the past. I still suspect the FritzBox. But I've followed all their suggestions at Cannot access shared files or printers over a VPN connection | FRITZ!Box 7581.
 
Upvote 0
So 445 should be open?

The FritzBox has a list of open ports. Many of those are opened automatically, for example

Code: 
500 UDP, IPv4 VPN (IKE)
4500 UDP, IPv4 VPN (IPsec)
5060 UDP, IPv4, TCP Telephony (SIP)
7078-7097, UDP, IPv4 Telephony (RTP)

and there are other I've opened which point directly to the Synology.

I'm expecting that the FritzBox has automatically opened port 445. It worked fine on a previous model, but that may have had older firmware. And then again, FritzBox is know to be poor for VPN. So much so they are beta testing WireGuard to replace IPSec.

Anyway, if I open 445 I only have the option of pointing it at the Synology. Usually I'd be able to SMB to any server on the network. I might give it a go...
 
Upvote 0
An update...

I have the sites connected with a LAN to LAN VPN. I've disconnected them from each other. Now I've connected using my own personal VPN account. And as if by magic I'm able to access the Synology via SMB.

So its not that the FritzBox is blocking SMB, its something to do with the site to site, LAN to LAN VPN connection.

Getting there!
 
Upvote 0
Fixed it!

So that tickbox in the FritzBox VPN settings page. The one that says "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)". Obviously I don't need to tick that cos we don't have any Windows machines and don't need printer sharing.

Obviously I do. So I did. And I have SMB again!

Now if it mentioned SMB on the settings page rather than as a passing reference buried in the FAQs I wouldn't have bothered you all here. But thank you for the suggestions, they helped me think it through and find the solution.
 
Upvote 0
DeltaGolf said:
Fixed it!

So that tickbox in the FritzBox VPN settings page. The one that says "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)". Obviously I don't need to tick that cos we don't have any Windows machines and don't need printer sharing.

Obviously I do. So I did. And I have SMB again!

Now if it mentioned SMB on the settings page rather than as a passing reference buried in the FAQs I wouldn't have bothered you all here. But thank you for the suggestions, they helped me think it through and find the solution.
Click to expand...

The NetBIOS over TCP protocol is used by any non-Active Directory (and non WINS) SMB client to find the SMB file sharing server(s). In modern Microsoft networking, it has been replaced (after a side trip through WINS servers), with unicast DNS service. But without Active Directory, perhaps "Workgroup" networking, its back to NetBIOS or WINS service.

Indeed, Active Directory is heavily based on DNS service. Each AD domain is also two DNS zones.

I'm glad your setup is now working!
 
Upvote 0
DeltaGolf said:
Fixed it!

So that tickbox in the FritzBox VPN settings page. The one that says "Allow NetBIOS over this connection (for Microsoft Windows file and printer sharing)". Obviously I don't need to tick that cos we don't have any Windows machines and don't need printer sharing.

Obviously I do. So I did. And I have SMB again!

Now if it mentioned SMB on the settings page rather than as a passing reference buried in the FAQs I wouldn't have bothered you all here. But thank you for the suggestions, they helped me think it through and find the solution.
Click to expand...
I registered on this forum only to thank you. I had exactly the same problem with exactly the same configuration and it was driving me crazy. Thank you so much!
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

I
  • Question
SMB Service Problem on Windows
yes,i can, i only try it on windows, i find the solution,i clone/make a new sharing folder with same file...
Replies
2
Views
675
Informasi Teknologi
I
H
  • Solved
DSM 7.1 Can't set up SMB when Synology NAS is on a different subnet
Well, I sorted the problem out. I ensured that the Windows firewall rules were meant specifically for the...
Replies
16
Views
1,614
hassamkoh
H
N
  • Question
Setting Shared Folder perms. Where are system umask and smb share perms kept?
will do. Cheers.
Replies
4
Views
807
namedNik
N
fredbert
SMB Service v4.15.13-0795
I can see that being a reasonable approach to updating, especially operating systems. As for AFP, I’ve...
Replies
6
Views
1,643
AppleTechStar
AppleTechStar
H
Problems saving macOS MS Word & Apple Preview files to SMB shares
I can confirm that the latest smb update resolved the issue in my case. I can now save files directly on...
2
Replies
20
Views
2,123
HarryMe
H
M
MacOS and SMB unmounting issues, work around
Mounted SMB-volumes are ejected/unmounted maybe once or twice a day. Remounting is not possible (DS as...
Replies
0
Views
1,118
macjosch
M
A
DSM 6.2 Can't acces smb after admin password change
It has to be problem on pc site, with credentials. When i will have more time i will change the password...
Replies
9
Views
2,187
azizi
A

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top