Esoteric Windows browsing stuff.... GACK.

Windows Network Neighborhood uses Microsoft's NetBEUI in a broadcast mode.
It uses 'Browse Masters' on each subnet etc.  This stuff doesn't travel
across a router at all without a lot of specific help from the router (Cisco
routers can do this, but it consumes bandwidth - don't think LEAF can).  You
will need a WINS server on at least one end and all the workstations on both
ends will have to point to this.  I believe you can imitate a WINS server
with SAMBA, but I don't use SAMBA.  As an alternative, if you have an LMHOSTS
file configured on EACH PC with the name and IP address of each PC on the
network, then Network Neighborhood should work across the VPN with no
additional network services (SAMBA WINS).

-sp

> -----Original Message-----
> From: Neil Schneider [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2003 4:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Windows VPN newbie
> Importance: Low
> 
> 
> I have network neighborhood browsing working across subnets, through a VPN
> tunnel. It required two SAMBA pdcs, one on each subnet. Cross subnet browsing,
> as has been stated before, requires a pdc on each subnet with wins support
> turned on, and remote browse sync set up. Once I had two SAMBA servers, it
> was relatively painless.
> 
> begin quoting S Mohan :
> > Windows network neighbourhood browsing is based on Netbios. It works
> > fine on a homogenous Windows LAN and Samba. I could not get it working
> > across LANs bridged using TCP/IP. I once (in 1999) had a TCP/IP RAS box
> > for inbound dial up connectivity to a LAN. Browsing did not work.
> > However, using the dial in facility to a modem on the NT server running
> > NT RAS services gave this facility. No change on client or server side.
> > 
> > I doubt if you can achieve what you want over IPSEC links. Will stand
> > corrected if anyone else had been able to get it working.
> >  
> > Mohan
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Charles
> > Steinkuehler
> > Sent: Saturday, June 21, 2003 10:13 AM
> > To: Jaime Nebrera Herrera
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [leaf-user] Windows VPN newbie
> > 
> > 
> > Jaime Nebrera Herrera wrote:
> > >   Hi all,
> > > 
> > >   I want to establish a net to net VPN using Bering as a gateway. On
> > > both ends will have windows machines :(
> > > 
> > >   They want to see both nets as a whole, with all computers (remember
> > > windows) showing in the explorer, so they can access a shared hard disk
> > > from both sites.
> > > 
> > >   I want to do this the easiest and cheapest way. Options considering:
> > > 
> > >   1) If possible use only one "PC" on each end. I don't know if they
> > > have a WNT or W200 server that could act as a WINS server, but adding a
> > > linux (or a couple of) just for WINS is not desirable unless there is no
> > > other way (higher price and complexity).
> > > 
> > >   2) How bad is it for security adding WINS (samba) in the gateway?
> > > 
> > >   3) Even better, is it really necessary to have a WINS service? I know
> > > that for IP services (http, ftp) there is no need for it, but the user
> > > just wants to see the whole as if there was no "separation in the middle :)"
> > 
> > A WINS server gets you name resolution, but it does *NOT* provide
> > cross-subnet browsing (the "official" term for what you describe you're
> > wanting), although it's typically a required piece of most cross-subnet
> > browsing setups.
> > 
> > >   4) What option is better, PPTP or FreeSWAN? Remember, both in the
> > > gateway/firewall. Do I need WINS if I use PPTP?
> > 
> > FreeS/WAN is better (from a security standpoint).  Using PPTP may work
> > easier for browsing, but I've never tried to set this up, so I'm not
> > sure what features/limitations PPTP provides (other than a pretty much
> > guaranteed lack of security from anyone actually interested in reading
> > your data...PPTP will secure you from the idly curious, but not anyone
> > actually wanting to break into your VPN).
> > 
> > >   I know these are very basic questions, is there any good online
> > > documentation about these topics?
> > > 
> > >   Very thankful in advance. Regards.
> > 
> > I'm not a windows networking guru, but have been through enough of
> > trying to link remote windows networks to help out with a few issues.
> > 
> > First of all, I suggest trying to setup a subnet-subnet IPSec VPN link
> > between your two firewalls.  This reduces the problem to getting windows
> > boxes to talk to each other across a router.  There are two aspects of
> > the windows portion of the problem:
> > 
> > 1) Sharing network resources across subnets
> > 
> > 2) Browsing network resources across subnets
> > 
> > Note that these are *VERY* different problems.  Browsing on MS networks
> > typically works by using broadcast traffic, which won't pass through
> > your router/firewall/VPN appliance.  Drive mapping, however, can be done
> > directly using IP addresses, DNS names (if you have entries for the
> > system(s) in a zone file or in your hosts file), WINS name, etc.
> > 
> > If you can get by with manually mapping drives instead of browsing (ie
> > manually typing in an IP or computer name rather than clicking the
> > proper computer from a tree view with the mouse), what you want is very
> > simple...just get the VPN link running, and type \\192.168.1.44 (or
> > whatever the appropriate far-end IP is) when you're trying to map a
> > network drive or printer.
> > 
> > If, however, you want to "browse" to the remote resource, you have a much
> > bigger problem.  The official microsoft way to do this is to run 2K
> > server (probably .net server by now) on *EACH* subnet.  You eliminate
> > the server install on one side of the network if you have all systems
> > log into the same domain controller (requires a WINS server for name
> > resolution, and proper configuration of the remote systems so they know
> > how to find the WINS server on the far subnet...this can be setup via
> > dhcp, so it's really not too bad).  The Microsoft site has a lot more
> > info on what's required to implement this in the "approved" way...a
> > search for "cross subnet browsing" should turn up lots of info.
> > 
> > Samba servers can help mitigate a lot of the problems incurred due to
> > the artificial limitations of Microsoft's software (you'd think they
> > want to sell tons of copies of their server software or something), but
> > I wouldn't suggest running Samba on your firewalls, and it doesn't sound
> > like you have extra boxes lying around to turn into server systems.
> > 
> > All of the above reflects what I've picked up trying to get my windows
> > box to gracefully talk to the home office network across a subnet-subnet
> > VPN, but does not necessarily represent the best, or necessarily even
> > appropriate way to do this in the microsoft world...I'm a linux
> > networking guy, and know just enough microsoft networking to keep my
> > 2KPro desktop linked to the internet and the home office.
> > 
> > -- 
> > Charles Steinkuehler
> > [EMAIL PROTECTED]
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: INetU
> > Attention Web Developers & Consultants: Become An INetU 
> Hosting Partner.
> > Refer Dedicated Servers. We Manage Them. You Get 10% 
> Monthly Commission!
> > INetU Dedicated Managed Hosting 
> http://www.inetu.net/partner/index.php
> > 
> --------------------------------------------------------------
> ----------
> > leaf-user mailing list: [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> > 
> 
> -- 
> Neil Schneider                                    pacneil_at_linuxgeek_dot_net
>                                          http://www.paccomp.com
> Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D
> 
> Never look a gift horse in the mouth.
>               -- Saint Jerome
> 
> 
> 


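
An added example, not part of the original thread: a small Python lint for the per-PC LMHOSTS files suggested at the top of this message, since a static file copied to every workstation drifts easily. The site subnets, host names and sample file contents are constructed assumptions, and quoted NetBIOS names containing spaces are not handled.

```python
import ipaddress

# Assumed addressing for the two sites joined by the VPN (constructed).
SITE_NETS = [ipaddress.ip_network("192.168.1.0/24"),
             ipaddress.ip_network("192.168.2.0/24")]

# Constructed LMHOSTS content with deliberate mistakes on lines 4-7.
SAMPLE = """\
# constructed LMHOSTS sample
192.168.1.44   FILESRV     #PRE
192.168.2.10   ACCOUNTING1 #PRE #DOM:OFFICE
192.168.2.11   THISNAMEISWAYTOOLONG
10.9.9.9       STRAY
192.168.1.45   filesrv
#INCLUDE \\\\remotebox\\public\\lmhosts
"""

def lint_lmhosts(text, nets=SITE_NETS):
    """Return a list of (line_number, problem) for an LMHOSTS file."""
    problems, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # #INCLUDE makes Windows read entries from another file or share.
            if line.upper().startswith("#INCLUDE"):
                problems.append((n, "#INCLUDE pulls entries from another file; review its source"))
            continue  # any other '#' line is a comment or block keyword
        fields = line.split()
        if len(fields) < 2:
            problems.append((n, "expected '<ip> <name>'"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((n, f"bad IP address {fields[0]!r}"))
            continue
        name = fields[1].upper()  # NetBIOS names are case-insensitive
        if not any(ip in net for net in nets):
            problems.append((n, f"{ip} is outside the VPN site subnets"))
        if len(name) > 15:
            problems.append((n, f"NetBIOS name {name!r} exceeds 15 characters"))
        if name in seen and seen[name] != ip:
            problems.append((n, f"{name} already mapped to {seen[name]}"))
        seen.setdefault(name, ip)
    return problems
```

Calling `lint_lmhosts(SAMPLE)` flags the over-long name, the address outside both sites, the conflicting second mapping for FILESRV and the `#INCLUDE` line.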
