Access to windows shared folders through Wireguard VPN

Follow

Akbast

• March 07, 2022 23:27

Firewalla Gold. I am trying to access a shared folder on one of the servers on my LAN while connected through a WireGuard VPN. The VPN client machine is able to RDP to the server but it can't see the shared folder. Other machines on the LAN are able to see the folder. What am I missing?

 

0

• 

  Firewalla

  • March 07, 2022 23:33

  Did you try to access it using the IP address?

  0

  Comment actions Permalink
• 

  Akbast

  • March 07, 2022 23:38
  • Edited

  Yes, I tried \\192.168.97.182 as well as \\192.168.97.182\folder

   

  0

  Comment actions Permalink
• 

  Firewalla

  • March 08, 2022 01:16

  Can you ping 192.168.97.182 when on VPN? Also, make sure the place you VPN's network IP is different from 192.168.97.x.

  If ping goes through, your issue is likely the 97.182 does not allow you to connect.

  0

  Comment actions Permalink
• 

  Akbast

  • March 08, 2022 02:00

  Ping is not working through the VPN but does work from another machine on the LAN.

  The IP of the remote machine connecting to VPN is 192.168.1.71 /24

  Looking at the routing table it appears that 192.168.97.0 should route over the VPN address of 10.189.8.250

  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.71     30
            0.0.0.0        128.0.0.0         On-link      10.189.8.250      5
       10.189.8.250  255.255.255.255         On-link      10.189.8.250    261
          127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
          127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
    127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    127.255.255.255  255.255.255.255         On-link      10.189.8.250    261
          128.0.0.0        128.0.0.0         On-link      10.189.8.250      5
        192.168.1.0    255.255.255.0         On-link      192.168.1.71    286
       192.168.1.71  255.255.255.255         On-link      192.168.1.71    286
      192.168.1.255  255.255.255.255         On-link      192.168.1.71    286
          224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
          224.0.0.0        240.0.0.0         On-link      192.168.1.71    286
    255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    255.255.255.255  255.255.255.255         On-link      192.168.1.71    286

  0

  Comment actions Permalink
• 

  Support Team

  • March 08, 2022 03:21

  Can you try step 2 in this link?

  https://windowsreport.com/firewall-blocking-file-sharing/

  Basically allow windows sharing to accept connections from *public* network. Otherwise, it will only accept local LAN access.

   

   

  0

  Comment actions Permalink
• 

  Akbast

  • March 08, 2022 13:32

  This didn't work but it led me to the right path. Turns out it was windows firewall blocking it. 

  To fix it I had to go into the inbound rules and modify "File and Printer Sharing (SMB-In)" on the Private profile. The "Remote Address" had to be changed from "Local subnet" to "Any". I did the same thing for ICMPv4-In and now I can also ping. 

  Thanks for the help! Clearly windows firewall has gotten far more granular in it's permissions than in the past.

  1

  Comment actions Permalink
• 

  Support Team

  • March 10, 2022 08:10

  Thanks for the confirmation. It looks quite common for Windows to allow only from local subnet, we may add an option in the app in the future to enable NAT on VPN devices so that they appear like "local".

  2

  Comment actions Permalink

Please sign in to leave a comment.