Cannot access SMB share from Windows 10 via OpenVPN Connect

I'm sure this problem must have been solved a thousand times but nothing I do seems to work.

Summary: On Windows 10 client, using file explorer, and OpenVPN Connect client 3.3.4, can't access a NAS via SMB on which OpenVPN server (2.4.11 arm-openwrt-linux-gnu) is running.

Works:

• Can connect to SMB share via Windows 10 file explorer when on the LAN (not using OpenVPN) using guest access (no user login prompt)
• OpenVPN Connect client connects to OpenVPN server and can access LAN web servers, ping machines, etc
• Can connect to port 445 on NAS via raw TCP connection
• Can access the NAS files via SMB using Android OpenVPN Connect and an SMB file browser using SMB guest access

Doesn't work:

• Connecting to SMB share from Windows 10 file explorer. Prompts for a user/pass (it shouldn't, though it indicated a successful connection the TCP level at least). Fails whatever username is used

Tried on the Windows 10 client (including various combinations):

• Made the adapter OpenVPN client creates into a Private Network via gpedit.msi
• Turned on File Sharing and Network Discovery for Public networks

Tried on the NAS:

• Created an SMB user and tried logging in with that
• In OpenVPN server setting, force all traffic via VPN (to ensure Windows wasn't bypassing VPN when trying to establish SMB connection)
• Ensured SMBv1 is disabled

So, it seems like a problem either on the OpenVPN client config or Windows is being "clever" and "protecting" me, but nothing I do enables me to access the SMB share on the NAS via OpenVPN.

UPDATE: Defininately a Windows problem. On the same Windows client machine, tried a Linux VM, with OpenVPN connected in the host and the VM using this connection, then in the file manager (KDE Dolphin) accessing smb://192.168.0.1 works no problem. So why doesn't it work in the Windows host? Why does it keep asking for a user/pass?

UPDATE: Well, according to Windows diagnostics, apparently "SMBHelperClass LowHealth diagnosis status 1 [DS_CONFIRMED] HRESULT 0 [64 ms] description: Your user account doesn't have permission to access "disk". Which is nonsense, it's accessible as a guest with no user/pass.

For posterity's sake, is was caused by an apparently well-known Windows security feature which disallows guest access using SMB2. I thought is was an SMB server or OpenVPN problem (hence asking on ServerFault instead of Superuser). Quite why it worked fine on the LAN but not over OpenVPN is a mystery. Perhaps if the Windows client sees the guest access is to a SMB server on the same LAN it'll allow it, otherwise not.

Anyway, solution is to add AllowInsecureGuestAuth key with value 1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters AND enter a random username (Window still asked for username/password even though there is none).