Hello, all. I'm testing the ability of my strongswan vpn connection to nfs mount across the connection and am running into some issues.
The exports (on a separate server, nfs-server) is set up to export the directory to the vpn virtual address. This has been tested independently with an extra server assigned that address (call it 1.2.3.102) -- nfs mounting was fine. So I removed the test machine from the network, and set up the vpn connection with a vpn client, which gives me a tun0 with 1.2.3.102 as the listed address when I verify on the vpn client with ifconfig. (I can also ssh to other machines in our private networks from the vpn client while the vpn connection is running.) Strongswan server is running ubuntu 14.04 with strongswan from the repository; client is running ubuntu 14.04 with network-manager-strongswan installed. nfs-server is another 14.04 installation. When I attempt to mount the directory on the client sudo mount nfs-server.example.com:/home/moi /mnt I get access denied by server while mounting nfs-server.example.com:/home/moi on nfs-server's /var/log/syslog Sep 22 13:49:03 nfs-server rpc.mountd[1069]: refused mount request from <vpn server ip address> for /nfs-server/users/moi (/): not exported So it seems the request is being made "from" vpn.example.com and not "from" 1.2.3.102 . I suspect this is because vpn.example.com is natting the addresses this way, but I'm not sure if there's an alternative configuration on the vpn server to handle this? I really didn't find anything specific about handling nfs over vpn at the strongswan wiki. Any thoughts appreciated, --Cindy _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
