I have not had any issues with this for years, and for the life of me have no idea what may be happening.
I have wireguard running on pfsense. It has been for many years. Recently I upgraded to both the latest version of pfsense CE, and latest version of truenas scale. I am not sure the last time this was working, I may have been on truenas core still but I doubt it… hard to say for certain as I don’t routinely try and access SMB shares over my VPN connection.
All of that said, I can ping, SSH into, use webUI’s etc of services on the same subnet as the truenas SMB share. I can try and ping the smb IP, and I get Request Timeouts. If I SSH into any of the servers on the same subnet as the SMB Share, I can ping the SMB IP and get responses without issue.
I can get to all of my homelab WebUI’s just fine (including truenas), can SSH into all of my VM’s (including truenas), I just can’t seem to get to the SMB shares on any of the subnets truenas has bound SMB shares to.
Of note, I do not have a NIC in truenas for my VPN subnet, so I don’t have SMB bound to the VPN subnet (but, I had never had this, nor would I think it needs to be, should be able to access the SMB share regardless of which subnet I am on assuming traffic can pass). Seeing as I can SSH and ping everything else on the subnet except the SMB shares, I am led to believe my pfsense rules didn’t get borked…
I don’t see anything here that would make me believe this was causing the issue, but I can’t even ping the IP, so it seems like at an OS level truenas is rejecting the connections.
I don’t have any docker containers running, and from my googling it looks like docker on truenas is using the typical 172.17.0.0/16 subnet. My VPN subnet is 10.1.15.4/24 so no conflict there.
In my SMB settings, I do have SMB bound to these subnets, but to my understanding, that only means truenas is presenting SMB over these interfaces, not that it would ALSO be blocking incoming connections from subnets that are not equal to these, correct? If a device can communicate with either of these subnets via firewall rules, SMB should work… right?
I watched this video https://www.youtube.com/watch?v=MZf2rOnQ4jc and there is a wireguard configuration file where, if the AllowedIPs is 0.0.0.0, it will allow access to everything. I do not use wireguard but I noticed this. Maybe it might help.