Hi Michael,
do you use the tap device? like this ( man openvpn advice tap instead of tun devices for win networks)
#example conf #my partners dns name remote your.partner.dns #kind of device dev tap0 float #tunnel ips my tunnel nic .... partners tunnel nic ifconfig 192.168.10.2 255.255.255.0 #what to do if comming up up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route # timeouts ping 15 ping-restart 300 # 5 minutes resolv-retry 300 # 5 minutes persist-tun persist-key # compression (optional) comp-lzo # verbosity (optional) verb 5 #user and group user nobody group nogroup secret /etc/openvpnkey #mtu #mtu-test tun-mtu 1500 #daemonize daemon #tune #fragment 1400 #mssfix 1400 tun-mtu-extra 64
i have a few setups with pdc and bdc sambas across openvpn networks and they work quite well, i never found some oplocks problems ( what makes not sure that they are some ) but in 6 Months on 3 Servers with 100 Users and gigs of files nobody talked about that.
Study the subnet browsing stuff from samba, using openvpn as laptop clients i found not satisfactory i use pptp vor my roadwarriors.
oplocks are difficult to understand, i had my troubles with them in the past but now it worked from default with samba 3.07
but i read there are a few filetypes which making special trouble with them.
Maybe this was usefull for you its a complex theme
Regards
Michael Kelly schrieb:
Hello all,
I will give you a few details first.
In my office I am running Samba 3.02a as a simple file serve and a WINS server. It currently serves about 11 employees. That setup, other than a couple of minor things works fine.
I administrate a remote office as well that is part of the same company, there are 3 employees. In that office I have a Linux gateway running openVPN 2.0beta11 as a client which connects to our office so that they can utilize our file server. They can connect without any issues and get any resources they need from the file server. They also register on the WINS server listed above. That same Linux gateway is also running Samba 3.07 for the sole purpose of browse list syncronization. My routed openVPN solution does not allow broadcasts across its tunnel. Again this is working fine, They register with WINS, use WINS for NetBIOS lookups, and use resources from the Samba file server.
Also, I have two remote employees that connect to our network using an openVPN client on laptops running win2000 Pro. Again, these connections work great and they are able to register with the WINS server, edit files, what have you.
The problem I am having is that oplocks do not seem to function for any of the users connected via VPN. When I look at the status of the file server using smbstatus, I can see all of the connected users, both in my subnet and the ones connecting across the VPN, as well as being able to see the shares they have mapped.
I guess I am not sure why clients are able to open files across the VPN but not have the oplocks engaged. I have no turned off locks on any of the shares and, as I said earlier, users from my physical office receive locks when they open files, but remote users do not.
If I open a file on a machine on the office network, it is locked and even a remote client cannot overwrite it, but the vice versa is not true. If a remote client opens a file I can open it on my machine in the office network, change it and save it no problems.
I am really hoping someone can give me a hint to why this is occurring.
I know that in all cases the VPN is involved in the problem, but I am
trying to narrow it down to the root cause.
Thanks Michael Kelly
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
