On Fri, 11 Feb 2022 08:03:05 +0100, Gert Doering <g...@greenie.muc.de> wrote:

>Hi,
>
>On Fri, Feb 11, 2022 at 01:02:18AM +0100, Bo Berglund wrote:
>> sudo mount 192.168.119.216:/home/bosse/www/VIDEO /mnt/video
>> mount.nfs: access denied by server while mounting
>> 192.168.119.216:/home/bosse/www/video
>
>"access denied" means "they have connectivity, but the server config
>is disallowing access" -> /etc/exports on the server
>

My server side /etc/exports file looks like this:

/nfs/pi_share  192.168.119.0/24(rw,sync,no_subtree_check)
#Let the IP mask cover 1024 addresses rather than 256:
/home/bosse/www/VIDEO 192.168.116.0/22(rw,sync,no_subtree_check)

And here is what is shown as shared:

$ showmount -e
Export list for ubuntuserv:
/home/bosse/www/VIDEO 192.168.116.0/22
/nfs/pi_share         192.168.119.0/24

The video share was defined like this before I widened it to 1024 addresses to
cover both the 119 and 117 networks (on a single line, the newsreader wraps):
/home/bosse/www/VIDEO -rw,sync,no_subtree_check  192.168.119.0/24
192.168.117.251

Here I just added a specific client IP for the remote device

But it also did not work...

For devices on the 119 LAN there are no problems to connect to the share on the
OVPN server, it is just a problem for devices on the 117 LAN via the OpenVPN
client connection. Always the "access denied" message.

So the share itself must be OK, hence my questioning the OpenVPN functionality.
Clients on the 117 LAN connect through the VPN tunnel and I assume exit from the
server on to the 119 LAN, but with which IP address???

Are they exiting on to the 119 LAN with a tunnel address so that is why it won't
work?
Do I need to add the VPN tunnel addresses as allowed clients too?

EXPERIMENT
----------
I installed the nfs server on a RaspberryPi on the 119 LAN and used the same
kind of exports entry:

/mnt/nfs 192.168.116.0/22(rw,sync,no_subtree_check)

After the setup was done:
$ showmount -e
Export list for rpi4-dev:
/mnt/nfs 192.168.116.0/22

Then on the *remote* device which is unable to connect to the nfs share on the
OVPN server I did this:

sudo mount 192.168.119.164:/mnt/nfs /mnt/nas
cd /mnt/nas/
touch kalle
ls -l
-rw-rw-r-- 1 bosse bosse 0 Feb 11 13:07 kalle

So this connect succeeds!

Definitely an OpenVPN server problem here, why cannot remote clients mount the
nfs share on the OVPN server itself when they can connect to other nfs servers
on the home LAN using the exact same export directive?


-- 
Bo Berglund
Developer in Sweden



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to