Wireguard server: can't connect SMB volumes

[fenguix]

Hi! I'm having a problem with Wireguard server and can't figure it out what's wrong.
Configuration:
RT-AX86U Pro latest Merlin... all working ok.
Shared SMB volumes from ext disk on router. In local net, all working perfectly from windows clients, mac, phones, etc.
I've set up a wireguard server to access remotely to my shared smb volumens on router.
I can connect without any problema from Mac, phone, windows, etc. (out of home of course).
I have internet access in all devices (checked that i have same ip as my home, so devices are using "the internet of my home").
From Android, using file explorer app, I can see all the shared folders without any problem, connecting by the internal ip 192.xxxxxxx of course. But everything fine.
But, and that is the problem, from my notebook Windows 11 I'm able to surf internet as I said, but I have no way to connect to any of the shared folders. No way to connect by SMB by router_name.local or 192.xxxxxx ip.
The strange thing is that I can access to merlin software by 192.xxxxx ip in the browser, so, the notebook IS connected ok to the local network and can see the router ip. Also checked with ping. So, the problem is related to smb shares that can't be accesed by this Windows 11 notebook. Because from my android phone I can access to them without problem, so I think that wireguard served is ok configured.... or am I missing something?
Any idea what can be wrong?
Not sure if helps, but this is Wireguard config for the client:

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxx
Address = 10.6.0.5/32
DNS = 10.6.0.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxx.asuscomm.com:51820
PersistentKeepalive = 25

Thanks!

 

[DJones]

Hi! I'm having a problem with Wireguard server and can't figure it out what's wrong.
Configuration:
RT-AX86U Pro latest Merlin... all working ok.
Shared SMB volumes from ext disk on router. In local net, all working perfectly from windows clients, mac, phones, etc.
I've set up a wireguard server to access remotely to my shared smb volumens on router.
I can connect without any problema from Mac, phone, windows, etc. (out of home of course).
I have internet access in all devices (checked that i have same ip as my home, so devices are using "the internet of my home").
From Android, using file explorer app, I can see all the shared folders without any problem, connecting by the internal ip 192.xxxxxxx of course. But everything fine.
But, and that is the problem, from my notebook Windows 11 I'm able to surf internet as I said, but I have no way to connect to any of the shared folders. No way to connect by SMB by router_name.local or 192.xxxxxx ip.
The strange thing is that I can access to merlin software by 192.xxxxx ip in the browser, so, the notebook IS connected ok to the local network and can see the router ip. Also checked with ping. So, the problem is related to smb shares that can't be accesed by this Windows 11 notebook. Because from my android phone I can access to them without problem, so I think that wireguard served is ok configured.... or am I missing something?
Any idea what can be wrong?
Not sure if helps, but this is Wireguard config for the client:

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxx
Address = 10.6.0.5/32
DNS = 10.6.0.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxx.asuscomm.com:51820
PersistentKeepalive = 25

Thanks!

Sounds like a samba issue can we see your smb.conf file content to verify it’s setup correctly? You can redact any sensitive file information.

Note that the routers using 3.0.0.4 does not support samba version 4.0 and up (smb3). You would have to use the entware samba for that which might not be compatible with the built in version web UI. Meaning you’d have to make your configuration changes strictly from the the entware versions smb.conf file using ssh. Firmware version 3.0.0.6 might use Samba 4 I’m not sure as I don’t have a router that supports 3.0.0.6 codebase.

 

[fenguix]

Thanks @DJones ! I'm kind of newbie in this but This is what I've found:

[global]
netbios name = MYROUTER
server string = RT-AX86U_Pro
workgroup = WORKGROUP
username level = 20
unix charset = UTF8
display charset = UTF8
load printers = no
printing = bsd
printcap name = /dev/null
log file = /var/log/samba.log
log level = 0
max log size = 5
security = USER
guest ok = no
map to guest = Bad User
encrypt passwords = yes
pam password change = no
null passwords = yes
force directory mode = 0777
force create mode = 0777
max connections = 5
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
obey pam restrictions = no
use spnego = yes
client use spnego = no
disable spoolss = yes
host msdfs = no
strict allocate = no
wide links = no
bind interfaces only = yes
interfaces = lo br0 192.168.100.1/255.255.255.0
use sendfile = yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = no
dos filemode = yes
oplocks = yes
level2 oplocks = yes
kernel oplocks = no
enable core files = no
deadtime = 30
load printers = no
printable = no
max protocol = SMB2
smb encrypt = disabled
min receivefile size = 16384
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
[Compartido_Net]
comment = Net_Disk's Compartido_Net in Seagate Backup+ Hub BK
path = /tmp/mnt/Net_Disk/Compartido_Net
dos filetimes = yes
fake directory create times = yes
valid users = fenguix
invalid users = otros
read list = fenguix
write list = fenguix

 

[bennor]

So, the problem is related to smb shares that can't be accesed by this Windows 11 notebook. Because from my android phone I can access to them without problem, so I think that wireguard served is ok configured.... or am I missing something?

Wireguard is likely configured properly if other devices can access it but the Win 11 PC cannot. One possible way to troubleshoot is to setup an OpenVPN connection rather than Wireguard and test that Win 11 PC.

On the Windows PC check that any third party security programs (antivirus, antimalware, firewall, etc.) is not possibly blocking access to local network servers. As a troubleshooting step, temporarily disable that third party security software/program and test.

On the Windows PC, as a troubleshooting step, double check that File/Print sharing is enabled.

Check the Windows Wireguard configuration to see if there is a setting that affects SMB access.

How is the SMB section configured in the router GUI >USB Application > Servers Center > Network Place (Samba) Share / Cloud Disk > Samba protocol version? Is it configured for SMBv1 + SMBv2, or for something else?

As a troubleshooting step, on the Windows 11 PC enable the Windows Feature SMB1.0/CIFS Client in the Windows Features option section (Turn Windows Features On/Off).

Didn't have a problem with a Win 11 PC accessing a USB hard drive attached to a RT-AX86U Pro running Asus-Merlin firmware using Wireguard. But on my Win 11 PC I do have SMB1.0 enabled for other reasons.

 

[ColinTaylor]

@fenguix Samba only listens on the LAN interface, br0 (and loopback). You'll need to create a custom script that adds the WireGuard interface.

 

[fenguix]

thanks to all..... not sure what was the fix but right now it's working.
I did activate SMB v1 (wasn't activated).... and also turned off firewall when connected with wireguard VPN.
So, probably Firewall is the problem with the tunnelling or so. No idea if it's, but firewall on don't see drives and firewall off works ok ;-)
Turned the adapter in "home" and not "public" but didn't help, so right now, solution is turning off firewall when connecting to vpn.
In a few words, Merlin is working good. Problem is Mr. Microsoft and their things..... (yes, I'm a Mac user jajaja)
Thanks to all!

 

[DJones]

@fenguix Samba only listens on the LAN interface, br0 (and loopback). You'll need to create a custom script that adds the WireGuard interface.

Additionally he might run into an issue with bind interfaces.