Velvet Star Monitor

Standout celebrity highlights with iconic style.

updates

Accessing a Windows 10 share via Ubuntu/CIFS over OpenVPN

Writer Olivia Zamora

Goal: To access Windows 10 file shares, from Linux, over a VPN.

In this context: "server" is a simple Windows 10 machine, and "client" is Ubuntu 18.

I have an OpenVPN tunnel setup, connection seems good, can connect, ping the server, portscan provides correct results, and I can manually establish a telnet connection to port 135.

I am trying to mount a folder on linux, to the windows share, using CIFS, something I have done many times before - but not to this particular windows machine admittedly.

I am effectively using: mount -t cifs //server/share /mnt/share but the result is always:

mount: /mnt/share: mount(2) system call failed: Connection refused.

dmesg/syslog show:

CIFS VFS: Error connecting to socket. Aborting operation.
CIFS VFS: cifs_mount failed w/return code = -111

I have tried nearly all the CIFS flags I can think of, including all security options. The actual current command I am using is:
sudo mount -v -t cifs -o vers=3.1.1,username=myuser,pass=mypass,servern=WINDESKTOP,sec=ntlmssp //10.8.0.1/share /mnt/share

Windows firewall is turned off, the the share, and folder, have full permissions for the user account I am trying to use, as well as guest, anonymous login.

I installed an FTP server on the server just to triple check connectivity, works find.

Why isn't CIFS connecting? Is there any way on the windows server to see exactly what it is doing to the connection? And/or is there anyway to get greater debugging output from CIFS on Ubuntu?

Edit:
A nmap -Pn <host> portscan shows the following open ports:

PORT STATE SERVICE
135/tcp open msrpc
554/tcp open rtsp
2869/tcp open icslap
10243/tcp open unknown

Update/Solution:

The problem and a workaround were found. The answer below from @grawity alerts to the fact that server is not listening on port 445. The problem has nothing to do with OpenVPN or linux/CIFS

  1. Noted that the smb server service is not listening on port 445, this means ms_server component is not operational.
  2. ms_server is the SMB server service, this is enabled/disabled by toggling the following checkbox in a device's network settings: File and Printer Sharing for Microsoft Networks.
  3. In this case the check box was already checked. Unchecking it and checking it again, fixes the issue, server listens on port 445, and file sharing works. But only temporarily, until the next reboot.
  4. This whole issue appears to be a known problem with Windows 10, caused by a reasonably recent Windows Update
  5. I was unable to find a clean solution, or real patch to the actual issue.
  6. One short-term workaround is to create a small script that effectively "unchecks and checks the box", and run when a user logs in.

The powershell commands to workaround this issue are:
Disable-NetAdapterBinding -Name "MyVPN" -ComponentID ms_server
Enable-NetAdapterBinding -Name "MyVPN" -ComponentID ms_server

1 Answer

I can manually establish a telnet connection to port 135.

That's not the correct port (that's the RPC-EPMAP port). SMB runs on TCP port 445.

(You might also see port 139 for compatibility with old pre-Win2000 clients, which only supported SMB-over-NetBIOS. Those clients would also need NetBIOS datagram services on UDP 137–138.)

mount: /mnt/share: mount(2) system call failed: Connection refused
CIFS VFS: Error connecting to socket. Aborting operation.
CIFS VFS: cifs_mount failed w/return code = -111

"Connection refused" implies that the client received a TCP RST in response to its handshake attempt, which generally means either that the server isn't listening on that TCP port or that there's a firewall spoofing a RST in order to block the connection.

That's usually not a matter of protocol versions or security options, which are only negotiated after the TCP connection has been established.

Windows firewall is turned off

Why?

The Windows firewall is configurable: if you want to allow a protocol through it, you can create a rule to allow that protocol. (Or indeed just enable a predefined rule when it comes to allowing SMB or ICMP.)

Is there any way on the windows server to see exactly what it is doing to the connection? And/or is there anyway to get greater debugging output from CIFS on Ubuntu?

Install a packet capture tool such as Wireshark; start a capture on tun0 or the OpenVPN TAP adapter; look at what happens immediately before the TCP RST is generated.

Pay attention to whether both sides see the same packets, e.g. if the client actually receives a TCP RST, does the server show that it has sent one?

11

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Similar Journal

View All

How was someone else watching my Arena battle live?

May 2026

How do subsequent playthroughs work?

May 2026

When should I use high gear?

May 2026

How do Steam Trading cards and the trade system work?

May 2026