Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Untangler
    Join Date
    May 2013
    Location
    Canada
    Posts
    31

    Cool can not map drives through OPENvpn

    Good day,

    I just installed OPENvpn and I can not map any drive through it. Could not get IPsec to work with the current ISP router config.

    From the command prompt I can ping the name / FQDN / IP address of the NAS server.

    If I try to map the drive using any method above I get a "cannot access" error from windows.

    If I click on a mapped drive from the login script I get "The network path was not found" error

    There is no domain controller on this subnet.

    VPN is UT to UT and is always on.

    Everything else seems to be working good.

    Thanks,

    Dave

  2. #2
    Master Untangler
    Join Date
    Jan 2011
    Posts
    933

    Default

    try turning off NAT in the openvpn server tab.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    That setting doesn't affect site-to-site tunnels.

    I suspect either DNS resolution over the tunnel isn't working properly, or someone forgot to add the remote address range to active directory sites and services so the domain windows firewall profile works and stops blocking stuff.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Jan 2011
    Posts
    933

    Default

    Quote Originally Posted by sky-knight View Post
    That setting doesn't affect site-to-site tunnels.
    hmmm... well I had a site-to-site setup awhile back where it sure seemed like I was seeing the effects of NAT, and things started working a whole lot better when I turned it off. obviously it could have been some other issue that was resolved by disconnecting and re-connecting the VPN.

  5. #5
    Untangler
    Join Date
    May 2013
    Location
    Canada
    Posts
    31

    Default

    Quote Originally Posted by sky-knight View Post
    That setting doesn't affect site-to-site tunnels.

    I suspect either DNS resolution over the tunnel isn't working properly, or someone forgot to add the remote address range to active directory sites and services so the domain windows firewall profile works and stops blocking stuff.
    Thanks Sky-Knight,

    It is still not working.

    I can open a web browser and type the FQDN in the browser and it will connect me to the NAS GUI.

    I can also open the CMD prompt and can pingthe NAS with both the FQDN or the IP address.

    Any kind of network search I do however comes up blank as if windows can not discover anything on the main LAN.

    Dave

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    If you're relying on Windows's network browser, that is any of the GUI tools to locate a network resource. These tools are built via network broadcast and will not reveal resources over a VPN link. The only notable exception to this is if you have a domain, because the domain controller is is generally the master browser and usually maintains the list of resources so the client can query it. All of that being said, the process is horribly inconsistent and has been so for as long as the browser process has existed, all the way back to Windows 3.11 for Workgroups.

    TLDR, stop using the GUI and fire up the command line: net use x: \\server.domain\share /persistent:yes

    You should also be able to press winkey + r, and type \\server.domain into the box and press enter, this should bring up a window with your shares in it on the target server, right clicking on the share will provide a map drive option you can use.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangler
    Join Date
    May 2013
    Location
    Canada
    Posts
    31

    Default

    Rob,

    I could not get either to work.

    when I execute the "net use" I get "System error 67 has occurred The network name cannot be found"

    when i do \\dibsi.nas1 or \\dibsi.nas1.dibsi.int I get "Windows cannot access" Error popup

    This is the first time I have ever done a subnet without a DC on the subnet.

    any other ideas?

    Dave

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    What NAS are you using?

    Some of them have internal firewalls that limit access to local addresses, hopefully yours is one that can be configured, if not... we may have to build a custom NAT policy to get around it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untangler
    Join Date
    May 2013
    Location
    Canada
    Posts
    31

    Default

    Rob,

    It is a QNAP.

    It works fine from my other sites, the only difference is that this site does not have a local DC onsite and the others were connected with an IPsec VPN and this one is OPENvpn because I don't have a static IP at this location.

    My other sites both have local DC that are slaves to the main DC the main network.

    Just had a brain fart

    The PC that is at my home office was part of the main network before and still has all of the DC info stored locally on it and I would think that it probably does not have anything going between it and the DC anymore, should i unjoin the domain and just let it be in a workgroup instead ... just wondering if it is more off a domain authentication problem since it is probably not talking to the DC than it is anything else.

    Dave

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    I would use nslookup and verify DNS is working. If you're using AD Auth, you're going to need it.

    Site-to-site tunnels do not push DNS, you have to manually configure DHCP on the local server to support AD. If you haven't done so, then yeah I imagine you're having issues there. You'd have to map IP addresses instead of names by default.

    Does winkey + R, \\ipaddress work?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2