Hi, Thank you for your response.
I use the tun device as it seemed it was a bit easier to setup. I did read that tap was a bit better with windows, but other than the oplocks issue with Samba I have not had any real problem with the openVPN setup and Samba. I think I will setup a test openVPN server running a tap device and see if there are any apparent differences. I have read though the Samba manual regarding oplocks and agree that they are a bit difficult to understand, okay, quite a bit. On my regular office network oplocks have worked fine since I started running the Samba server and it is only with the introduction of the VPN that I have seen any troubles. I have also read about a few file types causes issues with oplocks, I had problems with excel files, but it seems to be okay now, well nobody is complaining anymore anyway. I am not to familiar with pptp other than it is a point-to-point tunnelling protocol and the things I have read discuss using it with dial-up, we have no dedicated dailup access to our networks. For clarity sake, there appears to be no oplocks whatsoever when a client over the openVPN connection accesses a file on the server. Their connection is logged by samba, they show up in smbstatus, including all mounted drives, IP address, and username, just no oplocks. I think one of the first things I need to do is upgrade the Samba server to the latest version, but that will have to wait until the weekend as it is currently in use. As a first attempt I will try a tap device on the openVPN connection Thank you for your help and I will post any notable results. Michael Kelly >>> rruegner <[EMAIL PROTECTED]> 28/09/2004 5:01:44 pm >>> Hi Michael, do you use the tap device? like this ( man openvpn advice tap instead of tun devices for win networks) #example conf #my partners dns name remote your.partner.dns #kind of device dev tap0 float #tunnel ips my tunnel nic .... partners tunnel nic ifconfig 192.168.10.2 255.255.255.0 #what to do if comming up up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route # timeouts ping 15 ping-restart 300 # 5 minutes resolv-retry 300 # 5 minutes persist-tun persist-key # compression (optional) comp-lzo # verbosity (optional) verb 5 #user and group user nobody group nogroup secret /etc/openvpnkey #mtu #mtu-test tun-mtu 1500 #daemonize daemon #tune #fragment 1400 #mssfix 1400 tun-mtu-extra 64 i have a few setups with pdc and bdc sambas across openvpn networks and they work quite well, i never found some oplocks problems ( what makes not sure that they are some ) but in 6 Months on 3 Servers with 100 Users and gigs of files nobody talked about that. Study the subnet browsing stuff from samba, using openvpn as laptop clients i found not satisfactory i use pptp vor my roadwarriors. oplocks are difficult to understand, i had my troubles with them in the past but now it worked from default with samba 3.07 but i read there are a few filetypes which making special trouble with them. Maybe this was usefull for you its a complex theme Regards Michael Kelly schrieb: > Hello all, > > I will give you a few details first. > > In my office I am running Samba 3.02a as a simple file serve and a WINS > server. It currently serves about 11 employees. That setup, other than a > couple of minor things works fine. > > I administrate a remote office as well that is part of the same > company, there are 3 employees. In that office I have a Linux gateway > running openVPN 2.0beta11 as a client which connects to our office so > that they can utilize our file server. They can connect without any > issues and get any resources they need from the file server. They also > register on the WINS server listed above. That same Linux gateway is > also running Samba 3.07 for the sole purpose of browse list > syncronization. My routed openVPN solution does not allow broadcasts > across its tunnel. Again this is working fine, They register with WINS, > use WINS for NetBIOS lookups, and use resources from the Samba file > server. > > Also, I have two remote employees that connect to our network using an > openVPN client on laptops running win2000 Pro. Again, these connections > work great and they are able to register with the WINS server, edit > files, what have you. > > The problem I am having is that oplocks do not seem to function for any > of the users connected via VPN. When I look at the status of the file > server using smbstatus, I can see all of the connected users, both in my > subnet and the ones connecting across the VPN, as well as being able to > see the shares they have mapped. > > I guess I am not sure why clients are able to open files across the VPN > but not have the oplocks engaged. I have no turned off locks on any of > the shares and, as I said earlier, users from my physical office receive > locks when they open files, but remote users do not. > > If I open a file on a machine on the office network, it is locked and > even a remote client cannot overwrite it, but the vice versa is not > true. If a remote client opens a file I can open it on my machine in the > office network, change it and save it no problems. > > I am really hoping someone can give me a hint to why this is occurring. > I know that in all cases the VPN is involved in the problem, but I am > trying to narrow it down to the root cause. > > Thanks > Michael Kelly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
