Openvpn pre-configured?

would you mind dumping the contents of /etc/smb.conf here?

Code:
[global]
workgroup = WORKGROUP
netbios name = RT-AC68U
server string = RT-AC68U
unix charset = UTF8
display charset = UTF8
log file = /var/log.samba
log level = 0
max log size = 5
security = USER
guest ok = no
map to guest = Bad User
encrypt passwords = yes
pam password change = no
null passwords = yes
max protocol = NT1
passdb backend = smbpasswd
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
force directory mode = 0777
force create mode = 0777
max connections = 5
obey pam restrictions = no
use spnego = no
client use spnego = no
disable spoolss = yes
host msdfs = no
strict allocate = No
bind interfaces only = yes
interfaces = br0 192.168.1.1/255.255.255.0 
use sendfile = yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
dos filemode = yes
oplocks = yes
level2 oplocks = yes
kernel oplocks = no
wide links = no

And below that are my shares.
 
ok, you'll need to make a copy of that whole config to /jffs/configs/smb.conf

before your shares, add;

hosts deny = 10.16.0.0/16

then, run;

service restart_nasapps

which should overwrite /etc/smb.conf when it reloads, if not, reboot
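
The copy-and-edit step described above, as an added shell example that is not part of the original post: it copies a Samba config and places the hosts deny line at the end of [global], just before the first share. The function name add_hosts_deny and the sample share are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a custom smb.conf with a "hosts deny" line placed
# at the end of [global], i.e. just before the first share section.

# add_hosts_deny SRC DST SUBNET  (hypothetical helper name)
# Copies SRC to DST and inserts "hosts deny = SUBNET" before the first
# section header that is not [global]. An existing "hosts deny" line in
# [global] is dropped first, so running it again gives the same file.
add_hosts_deny() {
    src=$1 dst=$2 subnet=$3
    awk -v deny="hosts deny = $subnet" '
        /^[ \t]*\[/ {
            # Section header: track whether we are inside [global].
            in_global = (tolower($0) ~ /^[ \t]*\[global\]/)
            # First share section reached: emit the deny line ahead of it.
            if (!in_global && !done) { print deny; done = 1 }
        }
        # Remove a previous hosts deny line from [global].
        in_global && /^[ \t]*hosts[ \t]+deny[ \t]*=/ { next }
        { print }
        # No share sections at all: append, which still lands in [global].
        END { if (!done) print deny }
    ' "$src" > "$dst"
}

# Demo on a constructed sample (not the real router file).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '[global]' 'security = USER' 'wide links = no' '' \
        '[share]' 'path = /tmp/mnt/sda1' > "$tmp/smb.conf"
    add_hosts_deny "$tmp/smb.conf" "$tmp/out.conf" 10.16.0.0/16
    cat "$tmp/out.conf"
    rm -rf "$tmp"
}
demo
```

On the router the call would be add_hosts_deny /etc/smb.conf /jffs/configs/smb.conf 10.16.0.0/16, followed by service restart_nasapps as in the post.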
 
Seems to work, really really thank you.
But how come it's not blocked by iptables?

This command:
iptables -I FORWARD -s 10.16.0.0/24 -d 192.168.1.0/24 -j DROP
Blocks access to my other LAN smb shares.
While the iptables for tun22 don't block for the router's smb share. Just wonder why?


Is there some risk that more things are open at this vpn connection or is it safe if I do like this:
Code:
iptables -I FORWARD -s 10.16.0.0/24 -d 192.168.1.0/24 -j DROP
iptables -I INPUT -i tun22 -p udp ! --dport 53 -j DROP
iptables -I INPUT -i tun22 -p tcp -j DROP

Then
Code:
hosts deny = 10.16.0.0/16
in /jffs/configs/smb.conf

This way this vpn connection only passes traffic through my ip and can't access my LAN at all? Correct?

Edit: One last question, why are we only blocking one port @ udp, but all @ tcp?
Edit2: Now I start to understand, we are in fact blocking all udp but not port 53, since there is a "!" ?
 