After using WireGuard to VPN into my LAN, I can use RDP or SSH+VNC to control machines on my LAN. I am able to reach them via IP or by host.domain.private for remote control, but I cannot browse to \\host.domain.private\share for the same machine to access its network share.
You said it’s a different subnet. Where is WireGuard hosted?
Is the file share on the same machine you are rdping to?
Have you checked the local firewall? IIRC, Windows will restrict with its firewall certain things like file shares to only its local subnet while exposing esp to all subnets.
If it’s a Windows machine, test turning off Windows firewall. If it works, then turn the firewall back on and fix the settings.
WireGuard is on the router.
Yes, share and RDP are the same machine.
I’ll look at the firewalls (router and machine).
Go to the basics, try by WireGuard IP. If that works, then it’s a DNS issue (resolving the name to the WireGuard IP). Which I admit wouldn’t make sense since you can RDP via name. But it’s where to start.
My assumption is you’ve somehow only permitted the RDP/VNC protocols through WireGuard.
Also, give us some info - we have no idea what OS you’re using, we can assume you’re using SMB/CIFS, but is everything Windows, or Linux?
I have pretty much everything. iOS, Mac, Linux clients for RDP. Windows, Mac, and Linux hosts.
\\IP\share doesn’t work either. I can’t remember if I tried \\hostname\ instead of FQDN.
My WireGuard IP pool is a different subnet than my LAN, so it could be that, but I’m not sure why RDP would work. Now that I’m spelling this all out: in the back of my head, I’m wondering if this is a NetBIOS issue.
I prefer using a different IP pool than my LAN, otherwise you can run into routing issues (same IP on 2 segments).
If using the WireGuard IP doesn’t work, then something is blocking SMB specifically (from memory that’s UDP 137, 138 and TCP 137, 139, 445. Double check that).
I don’t use WireGuard directly, but Tailscale, which uses WireGuard, and I’d have to specifically block those.
Try doing a trace (tracert on Windows) of the destination address (in both directions) to see where traffic goes.
On Linux you can traceroute the SMB ports, on Windows nmap.exe can effectively do the same thing.
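
Added example, not written by anyone in this thread: a Python probe to run from the VPN client that compares the RDP port, which works, with the file-sharing TCP ports, and separates a silent drop (firewall) from a refusal or a name-resolution failure. The function names and the 192.0.2.10 placeholder address are assumptions, as is RDP being on its default port 3389; it tests TCP only, not the UDP NetBIOS ports.

```python
import errno
import socket
import sys

# RDP (default port 3389) is the baseline that works in the thread;
# 445 (SMB) and 139 (NetBIOS session service) carry the file share.
PORTS = {3389: "RDP", 445: "SMB", 139: "NetBIOS-SSN"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, refused, filtered, no-dns or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # RST received: host reachable, port closed or rejected
    except socket.timeout:
        return "filtered"       # no reply: something drops the SYN silently
    except socket.gaierror:
        return "no-dns"         # the name did not resolve from this client
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # routing problem rather than a port filter
        raise


def diagnose(results):
    """Turn {port: state} into a one-line reading of where the share breaks."""
    rdp, smb = results.get(3389), results.get(445)
    if smb == "open":
        return "TCP 445 is reachable: look at name resolution or SMB auth, not the firewall"
    if smb == "no-dns":
        return "name does not resolve: retry with the IP address"
    if rdp == "open" and smb == "filtered":
        return "RDP passes but SMB is dropped: check firewall rule scope for the VPN subnet"
    if rdp == "open" and smb == "refused":
        return "host answers but rejects 445: check that file sharing is listening"
    return "no working baseline: check routing between the VPN pool and the LAN"


if __name__ == "__main__":
    # Usage: python smbprobe.py <host-or-ip>   (192.0.2.10 is a placeholder address)
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = {port: probe(host, port) for port in PORTS}
    for port, state in results.items():
        print(f"{PORTS[port]:<12} tcp/{port:<5} {state}")
    print(diagnose(results))
```

Running it once against the LAN IP and once against the FQDN shows whether the result changes with name resolution or stays the same for both.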