Require help with troubleshooting samba shares over ipsec
      (Brett Morrison)

Do you use NAT to connect to the share resource when you use Shrew VPN?

CALHELHA Jean-Michel



-----Original Message-----
From: [email protected]
[mailto:[email protected]] On behalf of
[email protected]
Sent: Tuesday, 10 August 2010 19:00
To: [email protected]
Subject: vpn-help Digest, Vol 47, Issue 9



Today's Topics:

   1. Require help with troubleshooting samba shares over ipsec
      (Brett Morrison)
   2. Re: Again: no response vom DHCP server (Fortigate 80C 4.0
      MR1) (Matthew Grooms)
   3. Problem with security Policies (CALHELHA Jean-Michel)
   4. Re: Problem with security Policies (Matthew Grooms)
   5. Re: Require help with troubleshooting samba shares over ipsec
      (Matthew Grooms)


----------------------------------------------------------------------

Message: 1
Date: Tue, 10 Aug 2010 11:32:40 +1000
From: "Brett Morrison" <[email protected]>
Subject: [vpn-help] Require help with troubleshooting samba shares
        over ipsec
To: <[email protected]>
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="us-ascii"

Hi all

We are having trouble with some Samba shares on one of our servers not being
accessible by one of our guys that works remotely.

He is connecting using Shrewsoft VPN client 2.1.5, OS is Windows 7 pro
32bit.  He can ping the server, can use SSH to connect to the terminal
software on the server, but shares do not come up in windows explorer.
This has been tested on my laptop as well with the same setup, which has the
same problem.

Inside the network, there is no problem, all win 7 clients can connect
without a problem.

Any ideas?

regards,

Brett

 



------------------------------

Message: 2
Date: Tue, 10 Aug 2010 00:13:10 -0500
From: Matthew Grooms <[email protected]>
Subject: Re: [vpn-help] Again: no response vom DHCP server (Fortigate
        80C 4.0 MR1)
To: "Weber, Uwe" <[email protected]>
Cc: "[email protected]" <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/5/2010 4:32 AM, Weber, Uwe wrote:
> Hi Uwe,
>
> This sounds like a different problem from the DHCP over IPsec related 
> issue that was reported previously. It pertains to the client not 
> using a consistent MAC address for the DHCP discover. Since each 
> connection is processed as a different machine, the gateway hands out 
> a new DHCP address for each Shrew connection attempt which eventually 
> exhausts the DHCP pool. My guess is that the Fortigate client wasn't 
> affected by this because it retained the MAC value previously sent and 
> gets handed an address which is still reserved. The easiest solution 
> will be for the client to offer the same MAC address each time so it 
> doesn't cause this problem. I haven't gotten around to this yet, but 
> it shouldn't be too difficult to add. I'll keep you posted.
>
> -Matthew
>
> -- Matthew, you exactly hit the nail: In the meantime, I found out, 
> that really the FGT went out of DHCP-Leases and wasn't able to hand out 
> more leases to the Shrew-Clients (which are always the same) but seem 
> to come with a different MAC and so requesting a new IP from 
> IPSEC-DHCP instead of reclaiming the previous lease. Forticlient always 
> comes with the same MAC as you said, and subsequently gets the old 
> lease. My workaround so far is, that I have set the lease time to one 
> hour, which prevents the DHCP pool from getting exhausted. So far this 
> worked for me :) But if there is not a specific reason for the Shrew 
> client software to use a different MAC for each connection attempt, 
> and if you can change this behavior, you should do it, because 
> logically seen it would be clear to me, that a connection (or a 
> virtual IPSEC interface) always uses the same MAC. As far as I have 
> seen it, every IPSEC client does use one and the same MAC address 
> (which is even configurable in some cases iirc) for every connection 
> because the MAC logically belongs to the interface and not to the 
> connection imho.
>
> Regards Uwe

Hi Uwe,

Please test this build. It should hand out the same IP address to the client
each time ...

http://www.shrew.net/download/vpn/vpn-client-2.1.6-dhcpfix-1.exe

... if you can provide feedback quickly enough, I will roll the change into
2.1.6 for the release.

-Matthew
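
The lease behaviour discussed in this message can be reproduced with a small model. This is an added example, not Shrew Soft or Fortinet code: the pool size of 10, the 30-minute reconnect interval, the one-week lease and the hash-based MAC derivation are all constructed assumptions. It compares a client that presents a new MAC on every connection with one that presents a fixed MAC, and shows why the one-hour lease workaround also avoids exhaustion.

```python
import hashlib

class LeasePool:
    """Toy DHCP pool: one address per client hardware address until expiry."""
    def __init__(self, size, lease_minutes):
        self.size, self.lease = size, lease_minutes
        self.leases = {}                      # mac -> (address index, expiry minute)

    def request(self, mac, now):
        # Reclaim expired leases first, as a server does before allocating.
        self.leases = {m: v for m, v in self.leases.items() if v[1] > now}
        if mac in self.leases:                # known client: renew the same address
            addr = self.leases[mac][0]
        else:
            used = {a for a, _ in self.leases.values()}
            free = [a for a in range(self.size) if a not in used]
            if not free:
                return None                   # pool exhausted, no offer
            addr = free[0]
        self.leases[mac] = (addr, now + self.lease)
        return addr

def stable_mac(host_id):
    """Assumed scheme: fixed locally administered unicast MAC from a host id."""
    d = bytearray(hashlib.sha256(host_id.encode()).digest()[:6])
    d[0] = (d[0] | 0x02) & 0xFE               # set local bit, clear multicast bit
    return ":".join(f"{b:02x}" for b in d)

def per_connection_mac(host_id, attempt):
    # Models the reported behaviour: a different MAC on every connection.
    return stable_mac(f"{host_id}/{attempt}")

def simulate(pool, mac_for_attempt, attempts=50, gap_minutes=30):
    """Reconnect repeatedly; return (refused requests, addresses handed out)."""
    refused, addrs = 0, set()
    for i in range(attempts):
        addr = pool.request(mac_for_attempt(i), i * gap_minutes)
        if addr is None:
            refused += 1
        else:
            addrs.add(addr)
    return refused, addrs

WEEK = 7 * 24 * 60                            # constructed lease length, minutes
changing = lambda i: per_connection_mac("laptop", i)
fixed = lambda i: stable_mac("laptop")
if __name__ == "__main__":
    print("changing MAC, 1-week lease:", simulate(LeasePool(10, WEEK), changing))
    print("fixed MAC, 1-week lease:   ", simulate(LeasePool(10, WEEK), fixed))
    print("changing MAC, 1-hour lease:", simulate(LeasePool(10, 60), changing))
```

On a gateway, the same pattern shows up as many active leases for what is really one remote user, which is worth checking before assuming the pool is simply too small.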


------------------------------

Message: 3
Date: Tue, 10 Aug 2010 14:17:44 +0200 (CEST)
From: CALHELHA Jean-Michel <[email protected]>
Subject: [vpn-help] Problem with security Policies
To: [email protected]
Message-ID:
        <1718438625.276751281442664878.javamail.r...@zimbra2-e1.priv.proxad.net>
Content-Type: text/plain; charset=utf-8


Hello all,

I have a problem with shrew. When I connect to my concentrator I have access
to my resources but sometimes if I disconnect and reconnect, the shrew
doesn't clear the security Policies. After this I can't access my
resources; to resolve this problem I need to restart windows or kill the
shrew processes "iked" and "ipsecd".


Thx for your help.

CALHELHA Jean-Michel


------------------------------

Message: 4
Date: Tue, 10 Aug 2010 11:09:04 -0500
From: Matthew Grooms <[email protected]>
Subject: Re: [vpn-help] Problem with security Policies
To: CALHELHA Jean-Michel <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/10/2010 7:17 AM, CALHELHA Jean-Michel wrote:
>
> Hello all,
>
> I have a problem with shrew. When I connect to my concentrator I have
> access to my resources but sometimes if I disconnect and reconnect, the
> shrew doesn't clear the security Policies. After this I can't access my
> resources; to resolve this problem I need to restart windows or kill the
> shrew processes "iked" and "ipsecd".
>

Hi Jean-Michel,

Have you tested the 2.1.6 release candidate to see if your problem still
exists?

-Matthew


------------------------------

Message: 5
Date: Tue, 10 Aug 2010 11:10:00 -0500
From: Matthew Grooms <[email protected]>
Subject: Re: [vpn-help] Require help with troubleshooting samba shares
        over ipsec
To: Brett Morrison <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/9/2010 8:32 PM, Brett Morrison wrote:
> Hi all
>
> We are having trouble with some Samba shares on one of our servers not 
> being accessible by one of our guys that works remotely.
>
> He is connecting using Shrewsoft VPN client 2.1.5, OS is Windows 7 pro 
> 32bit. He can ping the server, can use SSH to connect to the terminal 
> software on the server, but shares do not come up in windows explorer.
> This has been tested on my laptop as well with the same setup, which 
> has the same problem.
>
> Inside the network, there is no problem, all win 7 clients can connect 
> without a problem.
>
> Any ideas?
>

What version of the client are you using? What gateway are you connecting
to?

-Matthew


------------------------------


______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help


End of vpn-help Digest, Vol 47, Issue 9
***************************************

