cmisip 09-21-2003 09:17 AM

Browsing across a FreeS/WAN VPN tunnel - how do you get this to work?
I have a roadwarrior running Windows XP trying to connect to the Samba shares in the home LAN. There is a tunnel between the Windows XP machine and the home LAN using FreeS/WAN. I am able to access the home LAN with ssh as well as ping the machines there. The home LAN even masquerades the remote Windows XP so it can have internet access when the VPN tunnel is up. However, I cannot browse the Samba shares on the home LAN.

I have an alternative configuration of FreeS/WAN that allows me to connect the laptop wirelessly and securely via FreeS/WAN when I am at home. In this scenario, the Samba shares are accessible in Network Places. I don't know why this won't work when the VPN tunnel is across the internet zone.

By the way, for security, I have the laptop at home on a separate subnet from the wired LAN, so I had to get cross-subnet browsing working at home when connecting wirelessly via VPN tunnel. To do this I had to designate one of the wired hosts as a Samba domain master browser, local master and WINS server. However, I found out that I can only browse the shares on the wired LAN if I disable the master browser in the laptop running Windows XP. I didn't think this was necessary since the Windows XP can become a master browser for the wireless subnet and sync with the Samba WINS server on the wired subnet in theory. If Windows XP is allowed to be a master browser in its subnet, the Samba shares in the wired LAN are not available unless I use the remote browse sync option in Samba.

My local browsing setup is ok with me. I just want to get browsing through the VPN working as well. Any ideas?

The remote VPN will have a dynamic IP address, so I am also looking for a way to automatically allow it to access the local LAN SMB shares without having to manually enter the remote IP in some config file each time.

Does Windows XP Home have a WINS server? Can it sync with the Samba WINS server at the home LAN (since they will be across the WAN)? Or will using the remote browse sync across the VPN tunnel (through the internet zone) achieve the result I want (if I turn on the master browser setting in Windows XP)? This still does not change the fact that if I relied on remote browse sync, I need to enter the remote IP in /etc/smb.conf in the home LAN and restart smb for remote browse sync to work.

Any ideas? Thanks

peter_robb 09-21-2003 11:28 AM

By default, broadcasts aren't piped down an ipsec or ppp dialup channel.

One way is to make sure you tunnel directly to the SMB server.. and have IP allocations within the broadcast subnet...
Another is to browse the SMB server just by its IP number, then wait the 12 mins it takes for your remote IP to be published...
Another is to use a ProxyARP at the point your tunnel joins the local LAN. This will allow your broadcasts to appear local rather than down the tunnel...

cmisip 09-22-2003 12:02 AM

Thanks for the assist. I have just figured out how this works. On the Network Connection for dialup ISP in Windows XP, I checked the option for Client for Microsoft Networks. This did the trick. My network is configured like the first option you described. Now browsing through the VPN tunnel works. I am still working on printing through the VPN tunnel though.

