Messages - JMini

#1
I'm looking into that now.
I can access SMB on QNap-LAN2 from LAN2 and can access SMB on QNap-DMZ4 from LAN2. No problem.

Since I can ping and Telnet from WireGuard to QNap-DMZ4 I think the firewall is working correctly.
In the QNap logs, I can see the connection authorization from the WireGuard IP. It says "xxxx Logged in". So communication is working and authentication is happening.

I'm focusing on the QNap share permissions as a likely culprit.

I appreciate you poking your head in with some feedback.
#2
What did you do to solve your problem?
I'm having a similar issue using WireGuard and a QNap SMB share.
#3
Update:
I can Telnet to QNap-DMZ4 from the WireGuard connected PC.
#4
25.7, 25.10 Series / Re: Wireguard & LAN-LAN SMB
November 17, 2025, 10:49:56 PM
I connected a laptop to the internet through my cell phone and connected the WireGuard VPN so the PC is completely separated from my home network.

FW Rules:
WireGuard Net any,any,any,any Pass

Outbound NAT
Interface DMZ4, Source WireGuard net, Dest DMZ4 net

I can ping QNap-DMZ4 when connected.

I get authentication errors when trying to connect to QNap-DMZ4 using Windows Explorer.
Outbound NAT rule ON or OFF. Same authentication error.
#5
25.7, 25.10 Series / Wireguard & LAN-LAN SMB
November 17, 2025, 09:52:32 PM
New to OPNsense and this is my first post. Coming from Astaro/Sophos UTM.
I have a 6 port firewall appliance (Topton).
I also have a QNap NAS with 2 ports (one on the LAN2 network and the other on the DMZ4 network).
These are just named based on their subnet: 10.10.20.0/24 for LAN2 and 10.10.40.0/24 for DMZ4.
For this let's call its network connections QNap-LAN2 and QNap-DMZ4.
The QNap gets assigned DHCP addresses from hosts definitions so they're always the same.
So far most things work great. DNS, internet connectivity, etc.
I have WireGuard set up and clients can connect.
I can connect to QNap-LAN2 from computers on the LAN2 network. No sweat.
I have FW rules to allow LAN2 & WireGuard addresses to the DMZ4 network.
I can ping QNap-DMZ4 from my PC on LAN2. (All of this using IP addresses, not host names)
However, I have some questions regarding 2 things.
1. Allowing SMB access w/user&PW authentication to the QNap-DMZ4 from the LAN2 network
2. Allowing SMB access w/user&PW authentication to the QNap-DMZ4 from the WireGuard network

Issue 1: An issue I have is that, if I create a Masq rule (outbound NAT) such that traffic from LAN2 to DMZ4 is masqed to the DMZ4 interface address and it's placed before the LAN2-to-WAN masq, I get a Windows Explorer message that denies access to QNap-DMZ4 from my LAN2 Windows PC due to authentication. If I disable that Masq rule, it instantly accepts authentication and I can browse folders on the share. If I then re-enable the masq rule, it continues to work. Is there any need for inbound SMB traffic to look like it's on the same subnet?

Issue 2: I guess this would apply to the WireGuard connections as well.

Thanks in advance.