Setup SMB share over VPN with Ubiquiti USG Firewall

randyvogl

Cadet
Joined
Mar 26, 2020
Messages
6
Hello everyone,
I am hoping someone can help me understand how to better troubleshoot this issue. Here is my current setup.
1) Attached to the modem I have a small USG from Ubiquiti with a cloud key. I have set up and configured VPN and it seems to be working flawlessly. I can

I can visit the FreeNAS server via HTTP/HTTPS and SSH. Both work great without any connection issues. I have tried looking through the FreeNAS to see if there are any firewall or permission rules but haven't found anything out of place; however, I am not sure if I am looking in all the appropriate places. The FreeNAS server is at 10.1.10.159 and the VPN pool is 172.20.100.1/29.

I did not see a place to specifically allow another subnet. I don't have any extra routing rules set up but I would assume if all SSH and HTTP are working properly that is not the issue? Finally, I have tried to see if it will work with IDP, IPS off and on with no luck.

Your help is greatly appreciated
 

Kcaj

Contributor
Joined
Jan 2, 2020
Messages
100
Does the firewall allow SMB ports between VPN network and FreeNAS network?

Running a command like telnet 10.1.10.159 139 from a VPN client might give some insight...
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
You're running two different subnets. Make it one subnet or open the routing between them.
 

randyvogl

OK, sorry for the delayed response; I wanted to chase out the issue as much as I could. As I suspected, it isn't directly a FreeNAS issue, but I agree that it is a routing issue. I have L2TP VPN configured with its own subnet pool (172.20.5.0/29). I have been digging to try to figure out how to configure the routes correctly on this USG. Forgive my ignorance: does anyone have a configuration like this, or can anyone help me understand where the traffic is being lost? Is it on the return trip that it is getting lost? Do I need a route from 172. to 10., or from 10. to 172., or 172. to WAN? Again, thanks for putting up with my ignorance.

When I run a telnet as suggested above this is the response that I get.
telnet 10.1.10.159
Connecting To 10.1.10.159...Could not open connection to the host, on port 23: Connect failed

Static Routes.PNG


I can successfully run a tracert and it hops from remote PC to 10. to FreeNAS
Additionally, I can SSH into the FreeNAS box without any issues.

I greatly appreciate your help!
 

Kcaj

You missed 139 from the end of the telnet command.

To be clear, you are able to SSH from a VPN client to the FreeNAS box?

If above is true, that would suggest routing is fine, so either the SMB port is blocked or SMB is not running.

Post the output of telnet 10.1.101.159 139 and also of telnet 10.1.101.159 22 from a VPN client
 

randyvogl

telnet 10.1.10.159 22
SSH-2.0-OpenSSH_7.4-hpn14v5 FreeBSD-openssh-portable-7.4.p1,1

telnet 10.1.10.159 139
returns a blank screen

I would assume this means that I am not getting return traffic from the FreeNAS over SMB port?
 

randyvogl

I also forgot to mention that I don't believe it is an SMB issue with the FreeNAS, as it works locally without issue. It is just from the VPN that it is not working.
 

Kcaj

Post the output of telnet 10.1.101.159 139 and also of telnet 10.1.101.159 22 from a VPN client.

A blank screen is not normal, should be something like this for SSH port:

Code:
$ telnet 10.10.10.6 22
Trying 10.10.10.6...
Connected to 10.10.10.6.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.0 FreeBSD-openssh-portable-8.0.p1_1,1


and this for me since I am not running SMB (probably the same if firewall is blocking it)

Code:
$ telnet 10.10.10.6 139
Trying 10.10.10.6...
telnet: connect to address 10.10.10.6: Operation timed out
telnet: Unable to connect to remote host


P.S: please use code tags.
 

randyvogl

When I type in open 10.1.10.159 22 I get the following
Code:
Connecting To 10.1.10.159...
SSH-2.0-OpenSSH_7.4-hpn14v5 FreeBSD-openssh-portable-7.4.p1,1


When I type in open 10.1.10.159 139 I get the following

Code:
Microsoft Telnet> open 10.1.10.159 139
Connecting To 10.1.10.159...
Connection to host lost.


Does this help answer the question?
 

randyvogl

Hey guys, just following up to see if anyone has any additional insight on this issue based on the results above?
 

Kcaj

I would look at your firewall rules first and make 100% sure that it's not blocking the required ports.
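
Added example (not posted by anyone in this thread): a small Python probe that names the TCP outcome the telnet checks above leave you to read off the screen, so a dropped connection, a refused one, a silent open port and an accept-then-close are told apart. The function names, state labels and loopback listeners are constructed for illustration; on a VPN client you would call `probe("10.1.10.159", 139)` and `probe("10.1.10.159", 22)`.

```python
import socket
import threading

def probe(host, port, timeout=3.0, wait=1.0):
    """Return (state, data) for one TCP connection attempt to host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", b""          # no answer: packets dropped or no return path
    except ConnectionRefusedError:
        return "refused", b""          # RST came back: nothing listening, or a reject rule
    except OSError as exc:
        return "error", str(exc).encode()
    with sock:
        sock.settimeout(wait)
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "open-silent", b""  # handshake done; server waits for the client to speak
        except ConnectionResetError:
            return "closed-by-peer", b""
    if data:
        return "banner", data.strip()  # server speaks first, as SSH does
    return "closed-by-peer", b""       # accepted, then closed from the other side

def _listener(reply):
    """Constructed loopback server: None = stay silent, b"" = close at once, else send reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if reply is None:
            threading.Event().wait(2)
        elif reply:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    # Constructed sample targets on 127.0.0.1, one per outcome; no real host is contacted.
    with socket.socket() as unused:    # bound but never listening, so connects are refused
        unused.bind(("127.0.0.1", 0))
        ports = {"banner": _listener(b"SSH-2.0-Example\r\n"), "silent": _listener(None),
                 "dropped": _listener(b""), "closed": unused.getsockname()[1]}
        return {name: probe("127.0.0.1", p, wait=0.5)[0] for name, p in ports.items()}
```

A `timeout` result points at filtering or a missing return route, while `refused`, `open-silent` and `closed-by-peer` all mean packets made the round trip and the answer lies on the server or in a rule that actively rejects.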
 