Hello!
I've successfully configured my MX64 to establish a VPN, and I am able to connect to it using my Windows home PC (the subnet configured for this VPN connection is 10.0.255.0/24). Once I'm connected, I am able to ping every Mac and Windows PC on my Meraki MX64 LAN (192.168.0.0/24).
*I own a Synology DS220+ that is configured with a fixed IP (192.168.0.251). It can be accessed locally over a web browser and SMB shared folders.*
The problem I am facing is this: I can't connect to my NAS over SMB (shared folders in File Explorer) on my Windows home PC. However, I can ping it and access it using a web browser. I just can't see it in the Network section of File Explorer. Likewise, I also can't see other computers (Mac and Windows) in File Explorer, but I can ping them too.
I have already verified that network sharing is enabled on my Windows computer.
______
I have not tested using a Mac over this VPN because I don't own a Mac at home.
Could someone help me?
Do you have any rule or group policy that might be blocking it? All traffic on Client VPN is allowed by default. Also, have you checked your server's firewall? Try to perform a packet capture.
By the way, if you are using L2TP try this client:
https://www.draytek.com/products/smart-vpn-client/
Or try Anyconnect.
I can't find any firewall (Meraki MX64) rule that could be causing this... The same goes for group policies... Actually, I've tried to create allow rules in the firewall like this:
* Allow any protocol from 192.168.0.0/24 destined to 10.0.255.0/24 over any port.
* Allow any protocol from 10.0.255.0/24 destined to 192.168.0.0/24 over any port.
This does not work.
______
OK, I'll try the client you have suggested. At the moment I am using the built-in Microsoft client over L2TP/IPsec. It's important to note that the Meraki MX64 is the firewall/router that is hosting the VPN connection; it is the server. I'm using the Client VPN mode.
Is the subnet in your home overlapping the subnets configured on the MX?
I don't think so. Actually, the network flow is like this:
Windows home desktop (10.0.0.189) > router intelbras [10.0.0.1] (192.168.1.?) > router nokia [192.168.1.254] (WAN)
WAN > router vivo [192.168.15.1] > MerakiMX64 [192.168.15.2] (192.168.0.0/24) > Synology NAS1 (192.168.0.251)
The VPN subnet is 10.0.255.0/24. As far as I can see, all the subnets are different.
I have just noticed a performance problem. Using iperf3 I see that the VPN performance is 4 Mbps. My home network is 100 Mbps and my company's Meraki MX64 is using an ISP that provides 300 Mbps down / 150 Mbps up. Maybe there is something wrong that is also affecting the performance.
I used the client software you suggested and nothing changed. The communication between the computers is still happening, and the performance problem too.
Do you have a Layer 7 Firewall rule configured, that denies all filesharing? That could cause it.
How are you accessing the NAS/SMB shares? By IP or DNS? If by DNS, make sure that Client VPN is assigning the same DNS server as the rest of the network.
I don't have a layer 7 firewall doing this.
I was accessing the NAS by DNS! After reading your comments, and those of another helper in this topic ("Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\"), I tried to access it using the IP (\\192.168.0.251\) and I was able to connect!
The connection to the NAS by IP (\\192.168.0.251\) is working! But using DNS it's not, so the computers on the LAN don't get found automatically!
I'd also try and disable Windows Firewall for good measure, as a test...
Disabling the Windows Defender Firewall did nothing.
Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\
I was accessing the NAS by DNS! After reading your comments, and those of another helper in this topic ("Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\"), I tried to access it using the IP (\\192.168.0.251\) and I was able to connect!
The connection to the NAS by IP (\\192.168.0.251\) is working! But using DNS it's not, so the computers on the LAN don't get found automatically!
People, on the MX64 Client VPN page I did not enter a WINS server. Could my problem be related to this?
I actually don't know how to set up a WINS server and don't know if it is really important. In my searches it seems like a WINS server would only be important for old versions of Windows. In my company every Windows machine is on Windows 10.
Yes, configure your internal DNS and WINS servers:
So can't I simply use Google public DNS?
Google DNS won't help with internal DNS names.
OK, thank you guys! I'll try to solve the problem this way.
Could someone walk me through the process of doing this? I found that my Synology NAS can be a DNS server; I'm looking into how to do this.
So if I create a rule that maps an IP to a domain name, those computers will suddenly show up in the Network section of File Explorer?
@BlakeRichardson answered your question.
Yeah. I mean, could someone tell me a step-by-step process to implement a DNS server to resolve local computers, in order to be able to automatically find them in the Network section of File Explorer?
Do you have an Active Directory?
https://computingforgeeks.com/how-to-install-active-directory-domain-services-in-windows-server/
No, I don't. I'm using the Meraki cloud authentication and it's working for now. I also don't have a Windows server, only a Synology DS220+ NAS.
If you don't have a DNS server now - do not set one up. Too much effort and another box to maintain for such a small problem.
Instead, create a local HOSTS entry on your machine.
https://www.manageengine.com/network-monitoring/how-to/how-to-add-static-entry.html
Note this important bit when you do this:
"Open your text editor in Administrator mode."
It won't work if you don't do this.
Once done, you should be able to ping your NAS by name when on client VPN.
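The HOSTS-file fix described in the post above, as an added PowerShell example (not part of the thread and not Meraki or Synology tooling): it confirms SMB is reachable by IP, checks whether the name already resolves, and only then appends the entry. The IP is the one given in the thread; the name `nas1` and the helper function names are assumptions.

```powershell
# Added example. Run from an elevated PowerShell session while connected to the client VPN.
$NasIp     = '192.168.0.251'   # NAS address given in the thread
$NasName   = 'nas1'            # assumed name: use the one you type in \\name\share
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-Elevated {
    # Writing to the hosts file requires an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Resolve-Name([string]$Name) {
    # Uses the system resolver (hosts file, DNS, then local name protocols).
    try {
        return [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object AddressFamily -eq 'InterNetwork' |
            ForEach-Object IPAddressToString
    } catch { return @() }
}

# 1. Is SMB (TCP 445) reachable by IP? If not, a hosts entry will not help.
$smb = Test-NetConnection -ComputerName $NasIp -Port 445 -WarningAction SilentlyContinue
if (-not $smb.TcpTestSucceeded) {
    Write-Warning "TCP 445 to $NasIp failed: check routing and firewall rules first."
    return
}

# 2. Does the name already resolve to the NAS?
$resolved = @(Resolve-Name $NasName)
if ($resolved -contains $NasIp) { Write-Output "$NasName already resolves to $NasIp."; return }
if ($resolved.Count -gt 0) {
    Write-Warning "$NasName resolves to $($resolved -join ', '), not $NasIp. Review before overriding."
    return
}

# 3. Append the entry once, then flush the resolver cache.
if (-not (Test-Elevated)) { Write-Warning 'Not elevated: reopen PowerShell as Administrator.'; return }
$pattern = '^\s*[0-9.]+\s+(\S+\s+)*' + [regex]::Escape($NasName) + '(\s|#|$)'
if (-not (Select-String -Path $HostsPath -Pattern $pattern -Quiet)) {
    # Leading newline guards against a hosts file that lacks a final line break.
    Add-Content -Path $HostsPath -Value "`r`n$NasIp`t$NasName"
}
Clear-DnsClientCache
Write-Output "Resolved after update: $((Resolve-Name $NasName) -join ', ')"
```

A hosts entry is a static override on that one machine, so it has to be updated by hand if the NAS address ever changes.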
Ahh, nice! So this way I can associate an IP with a domain. But I would have to create this config in every remote access that is added to the VPN connection, right?
But is there a way to let my Windows PC automatically find those computers, so that I can just access them from the Network section of File Explorer? On my real local network here at home, whenever a computer is turned on I see it in the Network section of File Explorer, but that does not happen for the computers across the VPN.
Lol, I'm feeling dumb. I'm struggling to understand whether this WINS function is only provided by an actual hardware Windows server (like the Windows Server 2022 OS) or whether I can run a WINS server service on other hardware. Could someone save me from my ignorance?
In your situation, don't bother with either DNS or WINS. WINS in particular is a very old technology.
Simplicity is the key, and in your case, adding one line to the local HOSTS file solves the problem and will be rock solid and reliable.