On Fri, 11 Feb 2022 14:44:05 +0100, Jan Just Keijser <janj...@nikhef.nl> wrote:
>Hi Bo,
>> EXPERIMENT
>> ----------
>> I installed the nfs server on a RaspberryPi on the 119 LAN and used the same
>> kind of exports entry:
>>
>> /mnt/nfs 192.168.116.0/22(rw,sync,no_subtree_check)
>>
>> After the setup was done:
>> $ showmount -e
>> Export list for rpi4-dev:
>> /mnt/nfs 192.168.116.0/22
>>
>> Then on the *remote* device which is unable to connect to the nfs share on the
>> OVPN server I did this:
>>
>> sudo mount 192.168.119.164:/mnt/nfs /mnt/nas
>> cd /mnt/nas/
>> touch kalle
>> ls -l
>> -rw-rw-r-- 1 bosse bosse 0 Feb 11 13:07 kalle
>>
>> So this connect succeeds!
>>
>> Definitely an OpenVPN server problem here, why cannot remote clients mount the
>> nfs share on the OVPN server itself when they can connect to other nfs servers
>> on the home LAN using the exact same export directive?
>>
>
>accessing stuff on the OpenVPN server via the VPN itself is tricky: keep
>in mind that OpenVPN needs to add a route *bypassing* the VPN from the
>client to the VPN server. If OpenVPN did not do that, then the openvpn
>traffic itself, intended for the OpenVPN server process, might get sent
>out via the VPN interface, causing a "biting your own tail" problem.

Why?
The call is destined for the server's IP address on port 2049, right?

>If you need to be able to access other services on the OpenVPN server
>then you will need to set up source routing or policy routing (not sure
>if Windows supports this) to ensure that
>
>  UDP traffic over port 1194 from client to VPN server -> send out over the pre-VPN gateway/LAN
>  all other traffic from client to VPN server -> send out over the VPN tunnel interface
>

When the client accesses the RPi NFS then presumably this happens:

[Client]-117->[Router->VPN]->Internet->[Router]-119->[OpenVPNserv]-119->[RPiNFS]

But when replacing RPiNFS with the NFS port on the OpenVPN server for a call to
the NFS server then the call out on LAN 119 should be for port 2049 on the
OpenVPN server's own IP address.
Why would that be a problem?
I have trouble understanding this "source routing" or "policy routing" of
OpenVPN...

Is there a document describing this case and how to configure for it?
I would need to know the option/command name to be able to search for it...

-- 
Bo Berglund
Developer in Sweden
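
Added example, not part of the thread: a small Python model of the route selection described in the quoted reply, showing what happens to the OpenVPN transport packets without the bypass route, where other traffic to the same server address goes once that route exists, and how a rule on UDP port 1194 separates the two. All addresses, interface names and tables are constructed assumptions; the code models the decision only and changes no system routing.

```python
import ipaddress

SERVER = "203.0.113.10"  # constructed: address the client dials for OpenVPN

def lookup(table, dst):
    """Longest-prefix match over (prefix, device) pairs; returns the device."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

# Constructed client tables (assumption: a VPN route covers the server address)
NO_BYPASS = [("0.0.0.0/0", "eth0"),        # pre-VPN default gateway
             ("203.0.113.0/24", "tun0")]   # route installed for the VPN
MAIN = NO_BYPASS + [(SERVER + "/32", "eth0")]  # host route bypassing the VPN
VIA_LAN = [("0.0.0.0/0", "eth0")]
VIA_TUN = [("0.0.0.0/0", "tun0")]

def route(packet, rules, main):
    """Policy routing: first matching rule picks the table, else use main."""
    for match, table in rules:
        if match(packet):
            return lookup(table, packet["dst"])
    return lookup(main, packet["dst"])

def is_ovpn(p):
    return p["dst"] == SERVER and p["proto"] == "udp" and p["dport"] == 1194

def to_server(p):
    return p["dst"] == SERVER

# The two rules from the quoted reply, in priority order
POLICY = [(is_ovpn, VIA_LAN), (to_server, VIA_TUN)]

OVPN = {"dst": SERVER, "proto": "udp", "dport": 1194}  # tunnel transport
NFS = {"dst": SERVER, "proto": "tcp", "dport": 2049}   # NFS to the same host

if __name__ == "__main__":
    print("no bypass route :", route(OVPN, [], NO_BYPASS), "(transport enters its own tunnel)")
    print("bypass route    :", route(OVPN, [], MAIN), route(NFS, [], MAIN))
    print("policy routing  :", route(OVPN, POLICY, MAIN), route(NFS, POLICY, MAIN))
```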