Hi,

On 11/02/22 15:30, Bo Berglund wrote:
> On Fri, 11 Feb 2022 14:44:05 +0100, Jan Just Keijser <janj...@nikhef.nl> wrote:
>>> EXPERIMENT
>>> ----------
>>> I installed the nfs server on a RaspberryPi on the 119 LAN and used the same
>>> kind of exports entry:
>>>
>>>     /mnt/nfs 192.168.116.0/22(rw,sync,no_subtree_check)
>>>
>>> After the setup was done:
>>>
>>>     $ showmount -e
>>>     Export list for rpi4-dev:
>>>     /mnt/nfs 192.168.116.0/22
>>>
>>> Then on the *remote* device which is unable to connect to the nfs share on the
>>> OVPN server I did this:
>>>
>>>     sudo mount 192.168.119.164:/mnt/nfs /mnt/nas
>>>     cd /mnt/nas/
>>>     touch kalle
>>>     ls -l
>>>     -rw-rw-r-- 1 bosse bosse 0 Feb 11 13:07 kalle
>>>
>>> So this connect succeeds!
>>> Definitely an OpenVPN server problem here, why cannot remote clients mount the
>>> nfs share on the OVPN server itself when they can connect to other nfs servers
>>> on the home LAN using the exact same export directive?
>>
>> accessing stuff on the Openvpn server via the VPN itself is tricky: keep
>> in mind that OpenVPN needs to add a route *bypassing* the VPN from the
>> client to the VPN server. If OpenVPN did not do that, then the openvpn
>> traffic itself, intended for the OpenVPN server process, might get sent
>> out via the VPN interface, causing a "biting your own tail" problem.
>
> Why? The call is destined for the server's IP address on port 2049, right?
>
>> If you need to be able to access other services on the OpenVPN server
>> then you will need to set up source routing or policy routing (not sure
>> if Windows supports this) to ensure that
>> - UDP traffic over port 1194 from client to VPN server -> send out
>>   over the pre-VPN gateway/LAN
>> - all other traffic from client to VPN server -> send out over the VPN
>>   tunnel interface
>
> When the client accesses the RPi NFS then presumably this happens:
>
>     [Client]-117->[Router->VPN]->Internet->[Router]-119->[OpenVPNserv]-119->[RPiNFS]
>
> But when replacing RPiNFS with the NFS port on the OpenVPN server for a call to
> the NFS server then the call out on LAN 119 should be for port 2049 on the
> OpenVPN server's own IP address.
> Why would that be a problem?
>
> I have trouble understanding this "source routing" or "policy routing" of
> OpenVPN...
> Is there a document describing this case and how to configure for it?
> I would need to know the option/command name to be able to search for it...

so which NFS server address are you using? the local LAN IP or the VPN
tunnel IP? the tunnel IP might work...

and like Gert suggested, run tcpdump on the server to see what happens
to the traffic, e.g.

    tcpdump -nnel -i tun0 tcp port 2049

or something similar.

HTH,

JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
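
The split JJK describes (OpenVPN's own UDP packets to the server over the pre-VPN gateway, all other traffic to the server over the tunnel), shown for a Linux client as an added example that is not part of the original thread. It assumes the client runs OpenVPN itself and has an iproute2/kernel that supports the ipproto and dport selectors of "ip rule"; the addresses, interface names and table number are constructed, and the function policy_route_cmds is hypothetical and only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not execute) Linux policy-routing commands for
# the split described in the thread. Addresses and interface names used in the
# sample call are constructed placeholders.

# Usage: policy_route_cmds SERVER_IP PRE_VPN_GW LAN_DEV TUN_DEV [PORT] [TABLE]
policy_route_cmds() {
    server=$1 gw=$2 lan_dev=$3 tun_dev=$4 port=${5:-1194} table=${6:-100}

    # Refuse anything that is not a plain IPv4 literal, interface name or
    # number, because the output is meant to be reviewed and run as root.
    for addr in "$server" "$gw"; do
        case $addr in ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;; esac
    done
    for dev in "$lan_dev" "$tun_dev"; do
        case $dev in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $dev" >&2; return 1 ;; esac
    done
    case $port$table in ''|*[!0-9]*) echo "bad port or table" >&2; return 1 ;; esac

    # 1. Separate table: the server is reached through the pre-VPN gateway.
    echo "ip route replace $server/32 via $gw dev $lan_dev table $table"
    # 2. Only the OpenVPN transport (UDP to server:port) consults that table.
    echo "ip rule add priority 100 to $server/32 ipproto udp dport $port lookup $table"
    # 3. Main table: everything else addressed to the server enters the tunnel.
    echo "ip route replace $server/32 dev $tun_dev"
    # 4. Checks: the first lookup should report the LAN device, the second
    #    (NFS, TCP 2049) the tunnel device.
    echo "ip route get $server ipproto udp dport $port"
    echo "ip route get $server ipproto tcp dport 2049"
}

# Sample call with constructed values; review the output before running it.
policy_route_cmds 198.51.100.10 192.0.2.1 eth0 tun0
```

Under these assumptions, traffic that takes the tunnel normally reaches the server with the client's VPN address as its source, so the NFS export list has to cover that address.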