> I posted the problem below on the FreeS/WAN users list and got a number of
> replies including agreement from others who have tried, but no one said
> "Hey I have NT (SMB) running across an IPSEC VPN". The best suggestions I
> got were to create a WINS (SAMBA) server on the remote side. I agree that
> should solve the problem, but when one talks about adding potentially
> hundreds of new SAMBA servers to a domain with trust relationships to
> thousands of servers this presents a big problem.
>
> The setup is simple: one or many Windows PCs on the remote end, dozens of
> NT domains on the local end, and DCD-Cisco Router
> in between. Has anyone here at LEAF gotten SMB networking to propagate
> properly through an IPSEC tunnel? I can map drives and access file shares.
> It is s l o w but it works. What I can't do is view network browse
> lists, do network printing, in short almost the entire gamut of SMB.
>
> WINS information is passed by the DHCP server to the PCs. I have tried
> putting server info in LMHOSTS files. None of it helps. Has anyone solved
> this problem before?

I have network browsing working across my IPSec VPN. I use DHCP to configure my Windows boxes, and point them to a WINS server on the far side of the VPN (while also setting hybrid name resolution protocol, so my local network falls back to broadcast name resolution if the VPN is down). All local machines are part of the remote domain (PDC & BDC are at the far end of the VPN).

Your problem is *NOT* related to the VPN...it's related to trying to network Windows ACROSS A ROUTER. Yes, Microsoft's "Enterprise ready networking" doesn't work properly if you have multiple broadcast domains (kind of makes you wonder what kind of "enterprise" they're running out in Redmond).

Anyway, there are multiple ways to solve this problem. I'm no expert, but some of the options I've heard about include:

MS Solutions (can work with SAMBA as well):
- NT Server (or current equivalent) running on *EACH* subnet, configured to talk to each other & exchange browse info.
- Remote systems join local domain (what I've got set up)
- Broadcast packets are tunneled through the LAN (Microsoft's L2TP, or Layer 2 tunneling protocol...layer 2 is physical ethernet, and MS came out with L2TP to allow ethernet broadcast packets to cross the WAN).

Samba only solutions:
- Set up SAMBA servers at both ends, configured to exchange/forward browse & name resolution information. This is the *ONLY* way to get workgroups to browse across a router...all Microsoft solutions *REQUIRE* domains and multiple NT Server boxes (hmm...it's almost like they sell server licenses or something :)

The generic term for what you want is called "cross subnet browsing". Standard internet searches will turn up *LOTS* of information on this. I have found the SAMBA documentation to be far better than the Microsoft information on this front. The SAMBA folks tend to explain *EXACTLY* what's going on, and what you can do to get the results you want, where the MS documentation basically says "buy this MS VPN Product, and everything will work", although there are lots of pretty network diagrams with NT servers everywhere...

Oh...and whatever you wind up doing, there's probably going to be a 1-??? hour synchronization delay for new resources to be detected and "browsable", that just comes with the territory. Good thing those MS boxes don't have to be rebooted very often...

<NOTE: Portions of the preceding contain sarcasm, just in case your sarcasm detector is broken :>

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
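
Added example, not part of the original message or of the Samba documentation: a minimal smb.conf sketch of the Samba-only option described in the reply, with one Samba server on each side of the tunnel exchanging browse and name-resolution information. The workgroup name, the 192.168.1.0/24 and 192.168.2.0/24 subnets and the two server addresses are assumptions chosen for illustration.

```ini
# smb.conf on the site A Samba server
# (assumed address 192.168.1.2 on subnet 192.168.1.0/24)
[global]
    workgroup = EXAMPLEGRP

# Exactly one WINS server for the whole network; clients on both
# subnets are pointed at it (for example via DHCP).
    wins support = yes

# One domain master browser per workgroup collates the per-subnet lists.
    domain master = yes

# Win the local master browser election on this subnet.
    local master = yes
    preferred master = yes
    os level = 65

# Announce this server into the site B browse list and pull site B's
# list from its Samba server (remote browse sync only works between
# Samba servers).
    remote announce = 192.168.2.2/EXAMPLEGRP
    remote browse sync = 192.168.2.2

# Keep NetBIOS/SMB bound to the internal interface and restricted to
# the two tunnelled subnets, so nothing listens on the gateway's
# outside interface.
    interfaces = 192.168.1.2/24 lo
    bind interfaces only = yes
    hosts allow = 192.168.1. 192.168.2. 127.

# smb.conf on the site B Samba server (assumed 192.168.2.2) is the same
# except for these lines:
#     wins support = no
#     wins server = 192.168.1.2
#     domain master = no
#     remote announce = 192.168.1.2/EXAMPLEGRP
#     remote browse sync = 192.168.1.2
#     interfaces = 192.168.2.2/24 lo
```

Running `testparm` on each server checks the file for syntax errors before nmbd and smbd are restarted.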
