OpenVPN is public network and access to SMB share doesn't work

Hello, i still didn't found solution for this.

I have some Linux servers with latest versions of OpenVPN and some OpenVPN clients. OpenVPN works just fine, access from Linux or Windows 7 clients too. There is no problem. I am very sure Samba, firewall and OpenVPN server are configured correctly.

Problem is with Windows 10 and i am not sure when it started, maybe after some last update. I don't know.

Problem is - the network through virtual network adapter "TAP-Windows Adapter V9" is always identified as public and there is no user accessible option how i can configure it as private network.

I found command for powershell in this thread (Set Network Location to Private or Public in Windows 10 | Windows 10 Tutorials), but it doesn't help permanently and it doesn't enable access to SMB share anyway. I can even reconfigure all unknown networks in secpol.msc as private, which i believe is very insecure behavior, but for testing i tried it. It didn't help either.

I have for testing two notebooks and one virtual installation (QEMU). On one notebook access to Samba share works just fine, on virtual and second notebook it does't. It is same OpenVPN, same key for notebooks (why not if they are not connected at a same time) and different key for virtual.

I am using OpenVPN GUI, which is running as W10 service under system priviledges. I have set DNS and route by push parameters in OpenVPN config on server, i have propper server key verification. There is no warning in OpenVPN log.

When access to the SMB share doesn't work, W10 displays error message "0x80004005" which i beleive means it is blocked by local W10 firewall, because "Network discovery" is disabled for public networks.

In one case i tried explicitly allow all trafic from and to the IPv4 address of my server in VPN for all protocols. It didn't help either.

On virtual is no additional firewall/antivirus. On one of notebooks, which does'n work, is installed AVG, but without firewall module.


Question is
- how i can override this behavior?
- how i can tell W10, my OpenVPN network is safe and private?
- how i can do more diagnostics? Wireshark? What i should investigate?

I did more investigation on OpenVPN client in W10 32bit virtual, because it is almost clean default installation of W10. There never been antivirus other than Microsoft Deffender, only several applications which should not affect anything about network.

I have for testing two OpenVPN servers, let's name them First and Second, both connection works in that level i can ping through VPN to the server and access to other protocols.

Both OpenVPN servers, and all clients running latest stable version 2.4.6.

In First VPN SMB still doesn't work.

In Second VPN SMB works perfectly.

In First VPN are TCP ports 137, 138, 139, 445 forwarded from VPN to other older machine. But it works on other W10 client through OpenVPN and some local W10 clients, then i was believe it is all configured properly. It runs SAMBA 3.6x.

In Second is running SAMBA 4.5.x on the server directly, available only in VPN.

And it is the problem. Older SAMBA is not too old (it is patched) to not be able work with W10, but there was set option for WXP, to be able login- Fortnatelly, WXP are no longer needed in that network, but that option was forgotten in the configuration.

Anyway...

Problem was with option "max protocol = nt1", should be "max protocol = smb2", and maybe some others

Yes, i know it was insecure. But it is very small network, with only few computers, mostly older ones.

I still blame stupidity of W10, because it should say something like "ERROR, old insecure protocol", not just display generic and universal error message which can occurst in thousand other situations. Diagnose button never help.



And mark OpenVPN network as public it is weird too. It is totally opposite, We are using VPN's almost always to be private, aren't we?