How can I connect to my NAS (SMB) over Meraki VPN Client? [MX64]

Solved
Vbrites
Getting noticed


Hello!

 

I've successfully configured my MX64 to establish a VPN, and I am able to connect to it using my Windows home PC (the subnet configured for this VPN connection is 10.0.255.0/24). Once I'm connected I am able to ping every Mac and Windows PC on my Meraki MX64 LAN (192.168.0.0/24).

 

*I own a Synology DS220+ that is configured with a fixed IP (192.168.0.251). It can be accessed locally over a web browser and SMB shared folders.*

 

The problem I am facing is this: I can't connect to my NAS over SMB (shared folders in File Explorer) from my Windows home PC. However, I can ping it and access it using a web browser. I just can't see it in File Explorer in the Network section. Likewise, I also can't see the other computers (Mac and Windows) in File Explorer, but I can ping them too.

 

I have already verified that network sharing is enabled on my Windows computer.

 

 

______

I have not tested using a Mac over this VPN because I don't own a Mac at home.

 

Could someone help me?

1 Accepted Solution
PhilipDAth
Kind of a big deal

In your situation, don't bother with either DNS or WINS. WINS in particular is a very old technology.

 

Simplicity is the key, and in your case, adding one line to the local HOSTS file solves the problem and will be rock solid and reliable.


25 Replies
alemabrahao
Kind of a big deal

Do you have any rule or group policy that might be blocking it? All traffic on Client VPN is allowed by default. Also, have you checked your server's firewall? Try to perform a packet capture.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

By the way, if you are using L2TP try this client:

 

https://www.draytek.com/products/smart-vpn-client/

 

Or try AnyConnect.

Vbrites
Getting noticed

I can't find any firewall (Meraki MX64) rule that could be causing this. The same goes for group policies. Actually, I've tried to create allow rules in the firewall like this:

* Allow any protocol from 192.168.0.0/24 destined for 10.0.255.0/24 over any port.

* Allow any protocol from 10.0.255.0/24 destined for 192.168.0.0/24 over any port.

This does not work.

______

 

OK, I'll try the client you suggested. At the moment I'm using the built-in Microsoft client over L2TP/IPSec. It's important to note that the Meraki MX64 is the firewall/router that is hosting the VPN connection; it is the server. I'm using the VPN Client mode.

alemabrahao
Kind of a big deal

Is the subnet in your home overlapping the subnets configured on the MX?

Vbrites
Getting noticed

I don't think so. Actually, the network flow is like this:

 

Windows home desktop (10.0.0.189) > router intelbras [10.0.0.1] (192.168.1.?) > router nokia [192.168.1.254] (WAN)

 

WAN > router vivo [192.168.15.1] > MerakiMX64 [192.168.15.2] (192.168.0.0/24) > Synology NAS1 (192.168.0.251)

 

The VPN subnet is 10.0.255.0/24. As far as I can see, all the subnets are different.

I have just noticed a performance problem. Using iperf3 I see that the VPN performance is 4 Mbps. My home network is 100 Mbps and my company Meraki MX64 is using an ISP that provides 300 Mbps down / 150 Mbps up. Maybe there is something wrong that is also affecting the performance.

Vbrites
Getting noticed

I used the client software you suggested and nothing changed. The communication between the computers is still happening, and so is the performance problem.

rhbirkelund
Kind of a big deal

Do you have a Layer 7 Firewall rule configured, that denies all filesharing? That could cause it.

 

How are you accessing the NAS/SMB shares? By IP or DNS? If by DNS, make sure that Client VPN is assigning the same DNS server as the rest of the network.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Vbrites
Getting noticed

I don't have a Layer 7 firewall rule doing this.

I was accessing the NAS by DNS! After reading your comments, and those of the other helper in this topic ("Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\"), I tried to access it using the IP (\\192.168.0.251\) and I was able to connect!

The connection to the NAS by IP (\\192.168.0.251\) is working! But using DNS it's not, so the computers in the LAN don't get found automatically!

rhbirkelund
Kind of a big deal

I'd also try and disable Windows Firewall for good measure, as a test...

Vbrites
Getting noticed

Disabling the Windows Defender firewall did nothing.

PhilipDAth
Kind of a big deal

Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\

Vbrites
Getting noticed

I was accessing the NAS by DNS! After reading your comments, and those of the other helper in this topic ("Are you accessing the SMB share via IP address? E.g. \\192.168.0.251\"), I tried to access it using the IP (\\192.168.0.251\) and I was able to connect!

The connection to the NAS by IP (\\192.168.0.251\) is working! But using DNS it's not, so the computers in the LAN don't get found automatically!

Vbrites
Getting noticed

People, in the MX64 Client VPN page I did not enter a WINS server; could my problem be related to this?
I actually don't know how to set up a WINS server and don't know if it is really important. From my searches it seems a WINS server would only be important for old versions of Windows. In my company every Windows machine runs Windows 10.

alemabrahao
Kind of a big deal

Yes, configure your internal DNS and WINS servers:

 

[Screenshot: alemabrahao_0-1668972663157.png]

 

Vbrites
Getting noticed

So can't I simply use Google public DNS?

BlakeRichardson
Kind of a big deal

Google DNS won't help with internal DNS names. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Vbrites
Getting noticed

OK, thank you guys! I'll try to solve the problem this way.

Could someone walk me through the process of doing this? I found that my Synology NAS can be a DNS server; I'm looking into how to do this.

So if I create a rule that maps an IP to a domain name, will those computers suddenly show up in the Network section of File Explorer?

alemabrahao
Kind of a big deal

@BlakeRichardson answered your question.

Vbrites
Getting noticed

Yeah. I mean, could someone tell me a step-by-step process to implement a DNS server to resolve local computers, in order to be able to automatically find them in the Network section of File Explorer?

alemabrahao
Kind of a big deal

Do you have an Active Directory?

 

https://computingforgeeks.com/how-to-install-active-directory-domain-services-in-windows-server/

 

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-installation-and-remova...

Vbrites
Getting noticed

No, I don't. I'm using the Meraki cloud authentication and it's working for now. I also don't have a Windows server, only a Synology DS220+ NAS.

PhilipDAth
Kind of a big deal

If you don't have a DNS server now - do not set one up.  Too much effort and another box to maintain for such a small problem.

 

Instead, create a local HOSTS entry on your machine.

https://www.manageengine.com/network-monitoring/how-to/how-to-add-static-entry.html 

 

Note this important bit when you do this:

"Open your text editor in Administrator mode."

It won't work if you don't do this.

 

Once done, you should be able to ping your NAS by name when on client VPN.

Vbrites
Getting noticed

Ahh, nice! So this way I can associate an IP with a domain. But I would have to create this config for every remote access that is added to the VPN connection, right?

But is there a way to let my Windows auto-find those computers, allowing me to just access them from the Network section of File Explorer? In my real local network here at home, whenever a computer is turned on I see it in the Network section of File Explorer, but that doesn't happen for the computers across the VPN network.

Vbrites
Getting noticed

Lol, I'm feeling dumb. I'm struggling to understand whether this WINS function is only provided by an actual Windows server (like the Windows Server 2022 OS) or whether I can run a WINS server service on other hardware. Could someone save me from my ignorance?

PhilipDAth
Kind of a big deal

In your situation, don't bother with either DNS or WINS. WINS in particular is a very old technology.

 

Simplicity is the key, and in your case, adding one line to the local HOSTS file solves the problem and will be rock solid and reliable.
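
The HOSTS-file fix from the accepted answer, as an added example that is not part of the original thread: it pins the NAS name to 192.168.0.251 idempotently, then checks name resolution and TCP 445 from the VPN client. The host name `nas1` is an assumption (the thread never states the NAS's name), and the script has to run in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): pin the NAS name in HOSTS, then verify it.
$NasIp     = '192.168.0.251'   # NAS address given in the thread
$NasName   = 'nas1'            # ASSUMPTION: the name you type in \\name\share
$HostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string]$Path, [string]$Name)
    # Emit the IP of every active (non-comment) line that maps $Name.
    foreach ($line in Get-Content -LiteralPath $Path) {
        $fields = @((($line -split '#', 2)[0]).Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2 -and $fields[1..($fields.Count - 1)] -contains $Name) {
            $fields[0]
        }
    }
}

$mapped = @(Get-HostsEntry -Path $HostsFile -Name $NasName)
if ($mapped.Count -eq 0) {
    # Leading newline guards against a HOSTS file that lacks a final line break.
    Add-Content -LiteralPath $HostsFile -Value "`r`n$NasIp`t$NasName"
    Write-Host "Added HOSTS entry: $NasIp $NasName"
} elseif ($mapped -notcontains $NasIp) {
    # A stale mapping would send SMB logons to a different host: stop and review.
    throw "HOSTS already maps $NasName to $($mapped -join ', '); correct it by hand."
} else {
    Write-Host 'HOSTS entry already present, nothing changed.'
}

Clear-DnsClientCache   # drop any cached failed lookup for the name

# 1) The name must now resolve to the pinned address (system resolver reads HOSTS).
$resolved = [System.Net.Dns]::GetHostAddresses($NasName) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $NasIp) {
    throw "$NasName resolves to '$resolved', expected $NasIp"
}

# 2) SMB (TCP 445) must be reachable by name through the VPN tunnel.
$smb = Test-NetConnection -ComputerName $NasName -Port 445 -WarningAction SilentlyContinue
if ($smb.TcpTestSucceeded) {
    Write-Host "OK: \\$NasName answers on TCP 445 via $($smb.RemoteAddress)"
} else {
    Write-Warning 'Name resolves, but TCP 445 is blocked between the VPN subnet and the NAS.'
}
```

A HOSTS entry is local to the machine it is written on, so each VPN client needs its own. It makes `\\nas1\` work by name but does not populate the Network pane of File Explorer, which relies on broadcast and multicast discovery that stays on the local subnet.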
