Public nas

louis · December 20, 2020, 9:59pm

Hi, I tried this : ISP to wan port and USB key plugged in
I have a public IP (no need of DNS) , I translated ports in ISP ( I chose to link the MAC address of the GL-Inet to a fixed local adress : 192.168.0.50, no use of DHCP)
I use CX-explorer in samsung phone, selecting :
SMB , ,, user=root, pass=the one used to login in admin page.
But I get “cannot connect”. I tried both “AP” and “Router” modes with no success
As I see in forums and docs, that people always work with 192.168… maybe working with public IP is not possible ?
Can someone help ? thx

asdffdsa1122 · December 20, 2020, 11:57pm

hello,

you are trying to access a smb share over the internet?

louis · December 21, 2020, 3:31pm

Hi, Yes , is it possible ?

asdffdsa1122 · December 21, 2020, 3:54pm

a windows smb share or a linux samba share?

either way, sounds like a very dangerous thing to do.

when i need access something inside the lan, i use vpn or ssh.

Johnex · December 21, 2020, 3:56pm

I’m not sure but i think the firewall blocks Samba to only inside the network, even if you open a port. This is because as @asdffdsa1122 wrote, it is very very dangerous to open Samba to the internet. You want to set up a VPN or a so called poor mans VPN, ie tunneling specific ports via SSH.

louis · December 21, 2020, 7:07pm

Hi all

What I understand is the use of VPN in GL.inet is:

user device with VPN client by WIFI (or cable) —> GL.inet with VPN server —> WAN —> internet
or:
user device by WIFI (or cable) —> GL.inet with VPN client —> WAN —> internet —> VPN server —> internet

So it is not my case since I want the user device to access first to internet before access to GL.inet
?

mozarella · December 21, 2020, 7:42pm

Normally the use of VPN is to have local network at home (or office). There’s also a router and VPN-Server. When people are outside of home, they can use VPN-Client to connect to VPN-Server at home (or in office) and then have access to local ressources like smb shares or ssh.
So i’m using a mango router in my home network like a normal PC running wireguard vpn server and another mango router for outside my home to connect to wireguard at home. Also wireguard clients are running on iphone, ipad and notebook running linuxmint. So i can have access to my home network everyhwere i want.
So i also could use smb-share of my NAS as server over vpn and mount this smb-share. But smb is not made for internet connections and it’s quite slow, because of lots of overhead.

I don’t understand the meaning of “So it is not my case since I want the user device to access first to internet before access to GL.inet”
do you also have another internet-router?

asdffdsa1122 · December 21, 2020, 8:05pm

on the gl-inet router, setup a vpn server
on the client, somewhere on the internet, connect ot the gl-inet router using the vpn.

louis · December 27, 2020, 10:01pm

Hi all
@mozarella: I have only the gl_inet plugged behind my dls box (which acts as router) , with a port translation
I hoped it was enough for accessing data in USB plugged in the gl_inet, with SMB protocol

@asdffdsa1122: when I set the mode VPN server in the gl_inet (openVPN) , it forces its IP address like 10.0…
(and I dont understand why this is forced …)
This I cannot access from the internet since the port translation in my dls box can only address addesses like 168.192.0.x
So when I set a VPN client in my android phone, and I target my DSL public internet address, it does not find anything (logical)

It looks like I dont understand anything of this gl-inet (and in fact I am beginner )

asdffdsa1122 · December 27, 2020, 10:08pm

hi,
if possible, i would convert the dsl router into a modem, somethings called a straight-thru-bridge.
i have done that over 100+ times over the years.

if you cannot do that, a port forward should work, but you might need to make some changes to the openvpn config.

on the dsl router, how did you setup the port forwarding?

can you be specific, which ip address?
post a screenshot.

mozarella · December 28, 2020, 8:09am

IP-address like 10.0.x.x is used in several VPN configurations. I’m using wireguard and so this kind of IP-address is also used there. But you need to seperate this from your normal LAN-IP-segment. your router will have 192.168.x.x as ip in your local network. 10.0.x.x is used as overlay network for VPN only. I can access my local machines through VPN when i’m using the normal local IP-addresses like 192.168.x.x and i don’t need to use 10.0.x.x.

asdffdsa1122 · December 28, 2020, 9:17pm

yes, you are correct.

however, the issue i was was discussing is that the dsl router is doing nat, and thus the need for a port forward.
if there is scary double-nat, then the openwrt router will not have a public ip address on the wan, instead will have a private ip address from the dsl router.
if true, the openwrt router will need a custom server and client config files, to have the public ip address of the dsl router, not the fake public ip address of the openwrt router.
each client config has a line such as
remote abcd1234.ddns.net 1194 udp
and i think in this case the default client config might look like
remote 192.168.1.2 1194 udp
so the need to tweak the client config file.

@Johnex will know…

Johnex · December 28, 2020, 9:37pm

@asdffdsa1122 Putting me on the spot

But yes. Since he has not changed anything in the GL router, and it’s connected to his DSL router, he currently has a Double NAT (ie double firewall).

First of all, since you are using a GL Router, please use Wireguard as the server. Wireguard will just work, you will have better performance, and you will be able to just enter the IP for any device connected to the GL router from the Wireguard client you connect with.

Second, since you have 2 firewalls, you will need to port forward on your DSL router, opening the default Wireguard port which is 51820 with the UDP protocol. The GL router will open the port for it’s firewall automatically when you start the Wireguard server. Just remember each client must have it’s own configuration you generate in the UI, and you can’t use the same config on 2 devices at the same time.

As @asdffdsa1122 said, you can also use the GLDDNS (it is in the UI under Remote Access → Dynamic DNS), so you get a hostname you can use on the client side, you will need to replace the IP in the Wireguard config you generate for each client with the DDNS hostname, that way if your IP ever changes (which it will most probably) you will always have access.

Remember clients on your network will need to connect to the GL router and not your DSL router, if you want to be able to access them via Wireguard.

asdffdsa1122 · December 28, 2020, 9:41pm

johnny on the spot

asdffdsa1122 · December 28, 2020, 9:50pm

thanks, but you might want to take back that like after reading this

here in NJ, USA, johnny on the spot is this
Rent Portable Toilets from Johnny on the Spot

Johnex · December 28, 2020, 9:51pm

Porta potty

louis · January 5, 2021, 9:34pm

Hi all,
I succeeded in what I wanted : reading a USB plugged on gl.inet thru the internet
I was just wrong on the port toward gl.inet in my DSL box : i was used 80, but it needs 445 for SMB
Now I can see content of the USB everywhere on my phone with SMB
By the way, for what I do , use of VPN seems of no need (as none is connected to the gl.inet except the cable to DSL)

About VPN, It I cant see how it can run together with SMB. It looks like is is reserved to target IP adresses , and what you say, Johnex, is about devices connected to the LAN port of the gl.inet , not SMB via USB …?

Johnex · January 5, 2021, 10:03pm

The VPN client will connect to your router which is the VPN server, and SMB is running on the router, so you just connect to the router IP to access the files on the VPN client windows explorer, or whatever you are using for SMB.

\\192.168.8.1\<share>