On Fri, 11 Feb 2022 08:03:05 +0100, Gert Doering <g...@greenie.muc.de> wrote:
>Hi, > >On Fri, Feb 11, 2022 at 01:02:18AM +0100, Bo Berglund wrote: >> sudo mount 192.168.119.216:/home/bosse/www/VIDEO /mnt/video >> mount.nfs: access denied by server while mounting >> 192.168.119.216:/home/bosse/www/video > >"access denied" means "they have connectivity, but the server config >is disallowing access" -> /etc/exports on the server > My server side /etc/exports file looks like this: /nfs/pi_share 192.168.119.0/24(rw,sync,no_subtree_check) #Let the IP mask cover 1024 addresses rather than 256: /home/bosse/www/VIDEO 192.168.116.0/22(rw,sync,no_subtree_check) And here is what is shown as shared: $ showmount -e Export list for ubuntuserv: /home/bosse/www/VIDEO 192.168.116.0/22 /nfs/pi_share 192.168.119.0/24 The video share was defined like this before I widened it to 1024 addresses to cover both the 119 and 117 networks (on a single line, the newsreader wraps): /home/bosse/www/VIDEO -rw,sync,no_subtree_check 192.168.119.0/24 192.168.117.251 Here I just added a specific client IP for the remote device But it also did not work... For devices on the 119 LAN there are no problems to connect to the share on the OVPN server, it is just a problem for devices on the 117 LAN via the OpenVPN client connection. Always the "access denied" message. So the share itself must be OK, hence my questioning the OpenVPN functionality. Clients on the 117 LAN connect through the VPN tunnel and I assume exit from the server on to the 119 LAN, but with which IP address??? Are they exiting on to the 119 LAN with a tunnel address so that is why it won't work? Do I need to add the VPN tunnel addresses as allowed clients too? EXPERIMENT ---------- I installed the nfs server on a RaspberryPi on the 119 LAN and used the same kind of exports entry: /mnt/nfs 192.168.116.0/22(rw,sync,no_subtree_check) After the setup was done: $ showmount -e Export list for rpi4-dev: /mnt/nfs 192.168.116.0/22 Then on the *remote* device which is unable to connect to the nfs share on the OVPN server I did this: sudo mount 192.168.119.164:/mnt/nfs /mnt/nas cd /mnt/nas/ touch kalle ls -l -rw-rw-r-- 1 bosse bosse 0 Feb 11 13:07 kalle So this connect succeeds! Definitely an OpenVPN server problem here, why cannot remote clients mount the nfs share on the OVPN server itself when they can connect to other nfs servers on the home LAN using the exact same export directive? -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
