How to Fix: OpenVPN SMB Not Working; Can't Resolve Names

Infopackets Reader Paul P. writes:

" Dear Dennis,

Thanks so much for your informative website. I have read a few of your articles on OpenVPN, and set up a free VPN connection to my home PC. Now I can connect to my personal, free VPN using my Android smartphone when I'm away from home without having to pay for a VPN service! It works so great I decided to connect my laptop to the VPN - however I am not able to resolve machine names on my network. For example, when try to access \\home-pc using Remote Desktop, it won't work. The only way I can make it work is if I enter in the IP address of the VPN server, which is 10.10.0.1. Can you help? "

My response:

I had this problem before and the simple answer is that you need to use a TAP connection on the server and client .ovpn configuration files, otherwise UNC paths (machine names) won't resolve using SMB (server message blocks). It has to do with the way that packets are created using SMB - TUN simply isn't compatible with SMB.

With that said, you must also keep in mind that if you modify your configuration files so that your \\home-pc "server" VPN configuration file is set up using a TAP interface, your Android OpenVPN will no longer work because it requires a TUN connection. TAP simply won't work on Android unless your phone is rooted.

It's a double edged sword - but it is possible to have the best of both worlds - read on!

How to Fix: OpenVPN SMB Not Working; Can't Resolve Names

To get around this problem, you can create two OpenVPN server configuration files - one that uses TUN for your Android phone and the other which uses TAP for your Windows machine(s).

This is how I have mine set up and it works when resolving UNC paths on any Windows device connected to the VPN, plus I can still connect to my VPN using my Android phone (but machine names won't resolve). To set this up you will also need to create additional TAP virtual ethernet adapters to use more than one VPN 'server' configuration file on the \\home-pc. Note that the 'TAP virtual ethernet adapters' work for either TUN or TAP configurations.

Resolving Other UNC Paths on the Home Network Remotely

It's worth noting that you won't be able to resolve UNC paths to other Windows machines on your home network when using the VPN from the laptop's desktop. However, it will work fine if you RDP into the \\home-pc and then access UNC paths that way.

Let's look at an example. If you connected to the VPN and tried to access \\home-pc, this will work fine from the laptop's desktop screen via "My Computer" or "This PC" - providing you're using a TAP connection to your VPN server.

Now, if you try and access \\media-pc (which also resides at home on your home network) - it won't resolve from the laptop via "My Computer" or "This PC" because \\media-pc isn't connected to your VPN. The solution here is to either RDP into the \\home-pc and resolve the UNC path that way, or create another VPN server configuration file for \\media-pc on another subnet (say, 10.11.0.1) and connect to it using a separate .ovpn TAP client file. The second option will resolve the UNC path from the laptop directly via "My Computer" or "This PC".

I hope that helps!

Additional 1-on-1 Support: From Dennis

Do you need help setting up a secure, remote VPN connection remotely on your laptop or smartphone? OpenVPN is a fantastic way to connect to a remote computer (for example: your home office PC). Configuring such a setup isn't always easy and can be technical as you can see by my answer. If you need help setting up a secure VPN connection, I can assist using my remote desktop support service. Simply contact me, briefly describing the issue and I will get back to you as soon as possible.