The problem I have is that I am looking at LEAF as an option for small
offices, warehouses, etc. to access resources on corporate networks. I deal
with quite large enterprises. One of them has a huge network of over 25,000
servers in dozens of domains, all with trust relationships. Users want to
be able to run logon scripts which will map their most commonly used
drives, but also to browse this huge network so they can find and access
other resources anywhere in the world. It all makes for a rather large
complicated browse list.
It is a tough first routed SMB problem to solve, but once I get it working
other networks should be a bit easier.
I have to say that Charles experiences and expertise make this job a whole
lot easier. Thanks Charles.
Best Regards,
Roger McClurg
[EMAIL PROTECTED]
Brock Nanson
<bnanson To: [EMAIL PROTECTED]
@true.bc.ca> cc: Roger E McClurg/CEG/CSC@CSC
Subject: RE:[Leaf-user] NT networking
over LEAF IPSEC VPN
04/19/2002
06:01 PM
Roger,
I may have been one of those who replied on the FreeS/WAN list. Your
posting has actually prompted me to revisit the whole issue. In brief,
I think I said that the transfer speeds were fine so long as WINS and
browsing was left out of the equation. At least that seems to be the
case. However, as you know, this precludes using network neighbourhood.
Do you need free run of network neighbourhood, or could you get by with
several mapped drives? These could be done automagically with a logon
script.
If you want to do some testing, contact me off-list and we can set up a
tunnel to try some of these things if you like (samba, wins, browsing
etc.). I have a LEAF gateway at home, but don't really want to mess
with the production ones with these tests!
I'm suspicious that some of the speed trouble may be related to the way
smb works. If you look at the man page for dhcp-options(5) you will see
references to several netbios items. The one that caught my attention
was 'all-subnets-local' which suggested an MTU adjustment...
Brock
> Message: 1
> Date: Fri, 19 Apr 2002 14:11:42 -0400
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] NT networking over LEAF IPSEC VPN
>
> I posted the problem below on the FreeS/WAN users list and
> got a number of replies including agreement from others who
> have tried, but no one said "Hey I have NT (SMB) running
> across an IPSEC VPN". The best suggestions I got were to
> create a WINS (SAMBA) server on the remote side. I agree that
> should solve the problem, but when one talks about adding
> potentially hundreds of new SAMBA servers to a domain with
> trust relationships to thousands of servers this presents a
> big problem.
>
> The setup is simple: one or many Windows PC on the remote
> end, dozens of NT domains on the local end, and DCD-Cisco
> Router in between. Has anyone here at LEAF gotten SMB
> networking to propagate properly through an IPSEC tunnel? I
> can map drives and access file shares.
> It is s l o w but it works. What I can't do is view
> network browse
> lists, do network printing, in short almost the entire gamut of SMB.
>
> WINS information is passed by the DHCP server to the PCs. I
> have tried putting server info in LMHOSTS files. None of it
> helps. Has anyone solved this problem before?
>
> Roger
>
> -=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
>
> Date: Wed, 17 Apr 2002 12:00:47 -0400
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Users] NT networking over a FreeS/WAN tunnel
>
> I am running a tunnel from a Dachstein firewall to a Cisco
> router. WINS servers are on the inside of the Cisco and
> Windows machines on the inside of the Dachstein. The Cisco
> router NATs the Tunnel addresses to routable addresses on its
> inside interface.
>
> Everything seems to be working fine through the tunnel (TCP,
> ICMP, UDP) except the NT networking. DHCP on the Dachstein
> passes the correct Wins information to the Windows PCs. I can
> logon (usually). I can map drives on servers, if I know in
> advance the server/share name. Mapped drives are horrendously
> slow. I can not browse the NT domain. I can not use network
> printers.
>
> Does anyone have a clue as to what might be the problem?
>
> Roger
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
