User profile for user: j_lundqvist
j_lundqvist Author
User level: Level 1
24 points

Accessing shares over VPN: AFP works, but not SMB

I have a Mac mini in a closet at home with some network shares active. I also run a VPN server (on another machine) that allows me to connect remotely and access my home network.


Connecting though the VPN everything but accessing SMB shares works just fine: I can ping computers on my home network, I can connect to them though VNC and I can mount AFP shares.


However, as MacOS has moved away from AFP shares, so have I. Newer volumes using APFS are only shared using SMB and here's where my troubles start. When I'm at home, SMB mounts just fine, but trying to connect through the VPN, they time out. Mounting AFP volumes works without problem.


Does anyone have an idea of what I could try? It seems like I would be working, right? The VPN is set to allow all ports.

Mac mini, macOS 10.14

Posted on Feb 18, 2022 8:08 AM

Reply
Question marked as Top-ranking reply
User profile for user: James Brickley
James Brickley
User level: Level 5
5,686 points

Posted on Feb 18, 2022 11:21 AM

There is a command line tool called 'smbdiagnose' that will capture the logs and network pcap logs and if you specify the -s option a whole lot of detail about your hardware and operating system. When running the utility it starts a network capture which is when you will attempt to connect to the SMB shares when the timeout completes, you press CTRL+C in the Terminal to complete the network capture and it will generate a compressed 'smbdiagnose.tar.gz' file on your desktop. Double-click it and that will expand the files into an smbdiagnose folder.


If you have the technical knowledge to read a pcap network dump and analyze it, you might discover the problem. If not, you can call Apple Support and send them the smbdiagnose.tar.gz likely generated with the '-s' option to include output from the sysdiagnose command. You can read the pcap file with this command (or you could open it in WireShark an open source packet analysis tool):


tcpdump -r ~/Desktop/smbtcpfile.pcap1 | less


I would run the smbdiagnose at home where it's working and again over your VPN. Then compare the pcap results. It would be best to run as few things as possible while performing the capture with the smbdiagnose command. Close all apps and background agents / daemons except for your VPN. Disable all sharing, etc. The less traffic you have to sift through in the pcap the better. You will still capture a ton of data that would be irrelevant.

View in context

Similar questions

1 reply
Question marked as Top-ranking reply
User profile for user: James Brickley
James Brickley
User level: Level 5
5,686 points

Feb 18, 2022 11:21 AM in response to j_lundqvist

There is a command line tool called 'smbdiagnose' that will capture the logs and network pcap logs and if you specify the -s option a whole lot of detail about your hardware and operating system. When running the utility it starts a network capture which is when you will attempt to connect to the SMB shares when the timeout completes, you press CTRL+C in the Terminal to complete the network capture and it will generate a compressed 'smbdiagnose.tar.gz' file on your desktop. Double-click it and that will expand the files into an smbdiagnose folder.


If you have the technical knowledge to read a pcap network dump and analyze it, you might discover the problem. If not, you can call Apple Support and send them the smbdiagnose.tar.gz likely generated with the '-s' option to include output from the sysdiagnose command. You can read the pcap file with this command (or you could open it in WireShark an open source packet analysis tool):


tcpdump -r ~/Desktop/smbtcpfile.pcap1 | less


I would run the smbdiagnose at home where it's working and again over your VPN. Then compare the pcap results. It would be best to run as few things as possible while performing the capture with the smbdiagnose command. Close all apps and background agents / daemons except for your VPN. Disable all sharing, etc. The less traffic you have to sift through in the pcap the better. You will still capture a ton of data that would be irrelevant.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Accessing shares over VPN: AFP works, but not SMB

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up