Friday, 24 February 2017

Samba over OpenVPN

Another thing that I need to write down before I forget.

I wanted to set up access to my home server via Samba that would work both at home through local network that the server is on and remotely, through OpenVPN connection to the server.

While the OpenVPN part is fairly easy to set up, the transparent file access unfortunately is not. I wanted to use a TUN interface for the VPN to lower the overhead on the already slow connection, so the traditional service discovery methods like Avahi did not work. I also didn't want to set up a dedicated DNS server, as it seemed an overkill for this task.

The solution I came to was quite simple and effective. Since all I needed was connection to a single server, I just decided to dynamically change the /etc/hosts file upon connection.
Fortunately, OpenVPN clients for all operating systems are able to run custom scripts on connect / disconnect. For the following, nas is my server hostname and *** is the name of the OpenVPN configuration file.

When this is done, the same nas hostname will be accessible using service discovery while on local network and by using the hosts file record while connecting remotely. Since the hostname remains the same, all references such as network drives and Quick Access folders will still work.

MacOS with Tunnelblick

1. Create with the following content:

echo " nas" >> /etc/hosts

2. Create with the following content:

sed -i ""  "/" /etc/hosts

3. Put both scripts in ~/Library/Application Support/Tunnelblick/Configurations/***.tblk/Contents/Resources/


Use the same scripts as above, but include them in the openvpn configuration by setting --up and --down options respectively.

Windows with the official OpenVPN client

1. Create ***_up.bat with the following content:

echo nas >> %windir%\System32\drivers\etc\hosts
exit /b 0

2. Create ***_down.bat with the following content:

cd %windir%\System32\drivers\etc\hosts
findstr /v "nas" hosts > hosts2
del hosts
move hosts2 hosts
exit /b 0

3. Put both in the same folder as the ***.ovpn configuration file.

4. Make sure the OpenVPN GUI is launched as administrator, otherwise the scripts won't get executed with proper permissions and will fail to run.

No comments:

Post a Comment