Hello List,
I have a problem with mounting NFS shares over a VPN connection. The odd thing is that when originally setting it up, I had the same problem, but after leaving it overnight, it started the following morning.
Since then, the machine has died and been rebuilt with the original config files copied over from the original working config and reinstalled. The setup is a follows:
Lan: 1 Synology 12 bay NAS with NFS installed.
1 Linux based Router using Shorewall as the firewall config tool and Wireguard as the VPN
Wan (via VPN):
1 Server running Wireguard VPN, Shorewall as the firewall config tool
Attempting to mount the shares on the Synology NAS using NFS4 produces the following message "mount.nfs: mounting 192.168.0.32:/volume1/ITFiles failed, reason given by server: No such file or directory". Using NFS3, the error changes to "mount.nfs: access denied by server while mounting 192.168.0.32:/volume1/ITFiles".
Now, the first thought was that somewhere along the line, one of the firewalls may have been blocking the NFS connections so on the Synology, I enabled NFSv4, locked statd and lockd to specific ports and opened the firewall at both ends in shorewall using the following lines:
Local end firewall/router:
ACCEPT vpn:10.33.0.3 lan tcp 111,892,2049,32768,32769 -
ACCEPT vpn:10.33.0.3 lan udp 111,892,2049,32768,32769 -
ACCEPT lan vpn:10.33.0.3 tcp 111,892,2049,32768,32769 -
ACCEPT lan vpn:10.33.0.3 udp 111,892,2049,32768,32769 -
WAN end server behind firewall:
ACCEPT $FW vpn tcp 111,892,2049,32768,32769 -
ACCEPT $FW vpn udp 111,892,2049,32768,32769 -
ACCEPT vpn $FW tcp 111,892,2049,32678,32679 -
ACCEPT vpn $FW udp 111,892,2049,32678,32679 -
Using Telnet on the remote server, I can access the open ports on the Synology box:
[root@remotesite ~]# telnet 192.168.0.32 2049
Trying 192.168.0.32...
Connected to 192.168.0.32.
Escape character is '^]'.
And the result is the same for all ports linked to NFS in the firewall settings above, suggesting that the firewall and VPN are both functioning correctly.
To test the functionality of NFS, I've run the following command with the associated results:
showmount -e 192.168.0.32:
/volume1/ITFiles 10.33.0.3,192.168.0.252
/volume1/History 10.33.0.3,192.168.0.252
Oddly, the NAS share called history, actually does mount correctly despite being set up the same way as the drive that fails.
/volume1/History 10.33.0.3,192.168.0.252
and appears in mtab as:
192.168.0.32:/volume1/History /mnt/history nfs4 ro,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.33.0.3,local_lock=none,addr=192.168.0.32 0 0
so in all honesty, I'm running out of ideas. If all were not working I could understand it. It's the fact that showmount shows the available shares and history mounts but all the others throw the same error.
Any suggestions would be most welcome.
Oddly, there is another share on the NAS called history, that actaully does mount correctly despite being set up the same way as the drive that fails.
/volume1/History 10.33.0.3,192.168.0.252
Thanks in advance.
I have a problem with mounting NFS shares over a VPN connection. The odd thing is that when originally setting it up, I had the same problem, but after leaving it overnight, it started the following morning.
Since then, the machine has died and been rebuilt with the original config files copied over from the original working config and reinstalled. The setup is a follows:
Lan: 1 Synology 12 bay NAS with NFS installed.
1 Linux based Router using Shorewall as the firewall config tool and Wireguard as the VPN
Wan (via VPN):
1 Server running Wireguard VPN, Shorewall as the firewall config tool
Attempting to mount the shares on the Synology NAS using NFS4 produces the following message "mount.nfs: mounting 192.168.0.32:/volume1/ITFiles failed, reason given by server: No such file or directory". Using NFS3, the error changes to "mount.nfs: access denied by server while mounting 192.168.0.32:/volume1/ITFiles".
Now, the first thought was that somewhere along the line, one of the firewalls may have been blocking the NFS connections so on the Synology, I enabled NFSv4, locked statd and lockd to specific ports and opened the firewall at both ends in shorewall using the following lines:
Local end firewall/router:
ACCEPT vpn:10.33.0.3 lan tcp 111,892,2049,32768,32769 -
ACCEPT vpn:10.33.0.3 lan udp 111,892,2049,32768,32769 -
ACCEPT lan vpn:10.33.0.3 tcp 111,892,2049,32768,32769 -
ACCEPT lan vpn:10.33.0.3 udp 111,892,2049,32768,32769 -
WAN end server behind firewall:
ACCEPT $FW vpn tcp 111,892,2049,32768,32769 -
ACCEPT $FW vpn udp 111,892,2049,32768,32769 -
ACCEPT vpn $FW tcp 111,892,2049,32678,32679 -
ACCEPT vpn $FW udp 111,892,2049,32678,32679 -
Using Telnet on the remote server, I can access the open ports on the Synology box:
[root@remotesite ~]# telnet 192.168.0.32 2049
Trying 192.168.0.32...
Connected to 192.168.0.32.
Escape character is '^]'.
And the result is the same for all ports linked to NFS in the firewall settings above, suggesting that the firewall and VPN are both functioning correctly.
To test the functionality of NFS, I've run the following command with the associated results:
showmount -e 192.168.0.32:
/volume1/ITFiles 10.33.0.3,192.168.0.252
/volume1/History 10.33.0.3,192.168.0.252
Oddly, the NAS share called history, actually does mount correctly despite being set up the same way as the drive that fails.
/volume1/History 10.33.0.3,192.168.0.252
and appears in mtab as:
192.168.0.32:/volume1/History /mnt/history nfs4 ro,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.33.0.3,local_lock=none,addr=192.168.0.32 0 0
so in all honesty, I'm running out of ideas. If all were not working I could understand it. It's the fact that showmount shows the available shares and history mounts but all the others throw the same error.
Any suggestions would be most welcome.
Oddly, there is another share on the NAS called history, that actaully does mount correctly despite being set up the same way as the drive that fails.
/volume1/History 10.33.0.3,192.168.0.252
Thanks in advance.
